VYPR
Medium severity5.4NVD Advisory· Published Jan 11, 2024· Updated Jun 17, 2026

CVE-2024-22195

CVE-2024-22195

Description

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jinja2PyPI
< 3.1.33.1.3

Affected products

155

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.