Issued at: 2024-07-15
Updated at: 2024-07-15
Synopsis
Moderate: python-jinja2 security update
Description
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.
Security Fix(es):
* jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.