[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-34064":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":105,"related":106,"reserved_at":9,"published_at":134,"modified_at":135,"state":136,"summary":137,"references_raw":146,"kevs":209,"epss":210,"epss_history":213,"metrics":479,"affected":489},"CVE-2024-34064","Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attribute names (keys) cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. 
This vulnerability is fixed in 3.1.4.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-h75v-3vvj-5mfj",[],[49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103],{"_key":50},"ALPINE-CVE-2024-34064",{"_key":52},"SUSE-SU-2024:1863-2",{"_key":54},"SUSE-SU-2024:1948-1",{"_key":56},"UBUNTU-CVE-2024-34064",{"_key":58},"SUSE-SU-2024:1863-1",{"_key":60},"SUSE-SU-2024:1864-1",{"_key":62},"OPENSUSE-SU-2024:13930-1",{"_key":64},"DLA-3988-1",{"_key":66},"SUSE-SU-2025:20035-1",{"_key":68},"MGASA-2024-0199",{"_key":70},"DEBIAN-CVE-2024-34064",{"_key":72},"USN-6787-1",{"_key":74},"RHSA-2024:3781",{"_key":76},"RHSA-2024:3795",{"_key":78},"RHSA-2024:3811",{"_key":80},"RHSA-2024:3820",{"_key":82},"RHSA-2024:4231",{"_key":84},"RHSA-2024:4404",{"_key":86},"RHSA-2024:4414",{"_key":88},"RHSA-2024:4427",{"_key":90},"RHSA-2024:4522",{"_key":92},"RHSA-2024:4616",{"_key":94},"RHSA-2024:4958",{"_key":96},"RHSA-2024:5662",{"_key":98},"RHSA-2024:5810",{"_key":100},"RHSA-2024:6011",{"_key":102},"RHSA-2024:9150",{"_key":104},"RHSA-2025:1335",[],[107,108,109,110,111,112,113,114,116,118,120,122,124,126,128,130,132],{"_key":52},{"_k
ey":54},{"_key":58},{"_key":60},{"_key":62},{"_key":66},{"_key":68},{"_key":115},"CGA-3H69-X6CF-G5C9",{"_key":117},"CGA-8HP4-MXQ9-CFJP",{"_key":119},"CGA-8Q5R-J4HW-JRCV",{"_key":121},"CGA-96R3-MW5W-QVMR",{"_key":123},"CGA-J4QQ-J23R-522F",{"_key":125},"CGA-PH4R-HMW2-VP9R",{"_key":127},"CGA-RWRM-VM7R-MRMJ",{"_key":129},"CGA-W4RQ-C3CF-82F3",{"_key":131},"CGA-X9J2-VG55-H4P4",{"_key":133},"CGA-5Q7V-98VJ-3XPG","2024-05-06T14:41:39.912Z","2025-11-03T21:54:48.796Z","Modified",{"cisa_kev":138,"cisa_ransomware":138,"cisa_vendor":9,"epss_severity":139,"epss_score":140,"severity":141,"severity_score":142,"severity_version":143,"severity_source":144,"severity_vector":145,"severity_status":136},false,"low",0.0123,"medium",5.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",[147,156,162,167,171,175,179,183,188,193,197,201,205],{"url":148,"sources":149,"tags":152},"https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj",[144,150,151],"nvd","osv_pypi",[153,154,155],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":157,"sources":158,"tags":159},"https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb",[144,150,151],[160,161,155],"X Refsource MISC","Patch",{"url":163,"sources":164,"tags":165},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/",[144,150],[166],"Mailing 
List",{"url":168,"sources":169,"tags":170},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/",[144,150],[166],{"url":172,"sources":173,"tags":174},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/",[144,150],[166],{"url":176,"sources":177,"tags":178},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/",[144,150],[166],{"url":180,"sources":181,"tags":182},"https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html",[144,150,151],[155],{"url":184,"sources":185,"tags":186},"https://nvd.nist.gov/vuln/detail/CVE-2024-34064",[151],[187],"Advisory",{"url":189,"sources":190,"tags":191},"https://github.com/pallets/jinja",[151],[192],"PACKAGE",{"url":194,"sources":195,"tags":196},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC",[151],[155],{"url":198,"sources":199,"tags":200},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE",[151],[155],{"url":202,"sources":203,"tags":204},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS",[151],[155],{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS",[151],[155],[],{"date":211,"score":140,"percentile":212},"2026-06-04",0.795,[214,218,221,224,227,229,232,235,238,241,244,247,250,253,256,260,263,266,270,273,276,279,282,285,288,291,294,297,300,303,306,309,311,313,316,319,322,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,406,409,412,415,417,420,423,426,429,432,435,438,440,443,446,449,451,454,457
,460,463,466,469,471,473,476],{"date":215,"score":216,"percentile":217},"2025-11-04",0.00673,0.70598,{"date":219,"score":216,"percentile":220},"2025-11-05",0.70584,{"date":222,"score":216,"percentile":223},"2025-11-06",0.70582,{"date":225,"score":216,"percentile":226},"2025-11-07",0.70597,{"date":228,"score":216,"percentile":217},"2025-11-08",{"date":230,"score":216,"percentile":231},"2025-11-09",0.70591,{"date":233,"score":216,"percentile":234},"2025-11-10",0.70576,{"date":236,"score":216,"percentile":237},"2025-11-11",0.70585,{"date":239,"score":216,"percentile":240},"2025-11-12",0.70607,{"date":242,"score":216,"percentile":243},"2025-11-13",0.70614,{"date":245,"score":216,"percentile":246},"2025-11-14",0.70622,{"date":248,"score":216,"percentile":249},"2025-11-15",0.70623,{"date":251,"score":216,"percentile":252},"2025-11-16",0.70618,{"date":254,"score":216,"percentile":255},"2025-11-17",0.70612,{"date":257,"score":258,"percentile":259},"2025-11-18",0.01489,0.79423,{"date":261,"score":258,"percentile":262},"2025-11-19",0.79429,{"date":264,"score":258,"percentile":265},"2025-11-20",0.79435,{"date":267,"score":268,"percentile":269},"2025-11-21",0.00849,0.7415,{"date":271,"score":268,"percentile":272},"2025-11-22",0.74143,{"date":274,"score":268,"percentile":275},"2025-11-23",0.74129,{"date":277,"score":268,"percentile":278},"2025-11-24",0.74126,{"date":280,"score":268,"percentile":281},"2025-11-25",0.74127,{"date":283,"score":268,"percentile":284},"2025-11-26",0.74132,{"date":286,"score":268,"percentile":287},"2025-11-27",0.74134,{"date":289,"score":268,"percentile":290},"2025-11-28",0.74123,{"date":292,"score":268,"percentile":293},"2025-11-29",0.7412,{"date":295,"score":268,"percentile":296},"2025-11-30",0.74116,{"date":298,"score":268,"percentile":299},"2025-12-01",0.7425,{"date":301,"score":268,"percentile":302},"2025-12-02",0.74256,{"date":304,"score":268,"percentile":305},"2025-12-03",0.74255,{"date":307,"score":268,"percentile":308},"2025-12-04",0.74122,{"da
te":310,"score":268,"percentile":284},"2025-12-05",{"date":312,"score":268,"percentile":287},"2025-12-06",{"date":314,"score":268,"percentile":315},"2025-12-07",0.74133,{"date":317,"score":268,"percentile":318},"2025-12-08",0.74137,{"date":320,"score":268,"percentile":321},"2025-12-09",0.74166,{"date":323,"score":324,"percentile":325},"2025-12-10",0.01147,0.7789,{"date":327,"score":324,"percentile":328},"2025-12-11",0.77905,{"date":330,"score":324,"percentile":331},"2025-12-12",0.77923,{"date":333,"score":324,"percentile":334},"2025-12-13",0.77924,{"date":336,"score":324,"percentile":337},"2025-12-14",0.7792,{"date":339,"score":324,"percentile":340},"2025-12-15",0.77917,{"date":342,"score":324,"percentile":343},"2025-12-16",0.77928,{"date":345,"score":324,"percentile":346},"2025-12-17",0.77938,{"date":348,"score":324,"percentile":349},"2025-12-18",0.77954,{"date":351,"score":324,"percentile":352},"2025-12-19",0.77967,{"date":354,"score":324,"percentile":355},"2025-12-20",0.7796,{"date":357,"score":324,"percentile":358},"2025-12-21",0.77955,{"date":360,"score":324,"percentile":361},"2025-12-22",0.77956,{"date":363,"score":324,"percentile":364},"2025-12-23",0.77959,{"date":366,"score":324,"percentile":367},"2025-12-24",0.7797,{"date":369,"score":324,"percentile":370},"2025-12-25",0.7799,{"date":372,"score":324,"percentile":373},"2025-12-26",0.77987,{"date":375,"score":324,"percentile":376},"2025-12-27",0.78036,{"date":378,"score":324,"percentile":379},"2025-12-28",0.77976,{"date":381,"score":324,"percentile":382},"2025-12-29",0.77973,{"date":384,"score":324,"percentile":385},"2025-12-30",0.77978,{"date":387,"score":324,"percentile":388},"2025-12-31",0.77991,{"date":390,"score":324,"percentile":391},"2026-01-01",0.7811,{"date":393,"score":324,"percentile":394},"2026-01-02",0.78111,{"date":396,"score":324,"percentile":397},"2026-01-03",0.78109,{"date":399,"score":324,"percentile":400},"2026-01-04",0.77992,{"date":402,"score":324,"percentile":403},"2026-01-05",0.77984,{"
date":405,"score":324,"percentile":400},"2026-01-06",{"date":407,"score":324,"percentile":408},"2026-01-07",0.77998,{"date":410,"score":324,"percentile":411},"2026-01-08",0.78005,{"date":413,"score":324,"percentile":414},"2026-01-09",0.78009,{"date":416,"score":324,"percentile":414},"2026-01-10",{"date":418,"score":324,"percentile":419},"2026-01-11",0.78,{"date":421,"score":324,"percentile":422},"2026-01-12",0.77986,{"date":424,"score":324,"percentile":425},"2026-01-13",0.77985,{"date":427,"score":324,"percentile":428},"2026-01-14",0.78007,{"date":430,"score":324,"percentile":431},"2026-01-15",0.78011,{"date":433,"score":324,"percentile":434},"2026-01-16",0.7802,{"date":436,"score":324,"percentile":437},"2026-01-17",0.78026,{"date":439,"score":324,"percentile":434},"2026-01-18",{"date":441,"score":324,"percentile":442},"2026-01-19",0.78019,{"date":444,"score":324,"percentile":445},"2026-01-20",0.78012,{"date":447,"score":324,"percentile":448},"2026-01-21",0.78018,{"date":450,"score":324,"percentile":437},"2026-01-22",{"date":452,"score":324,"percentile":453},"2026-01-23",0.78053,{"date":455,"score":324,"percentile":456},"2026-01-24",0.78064,{"date":458,"score":324,"percentile":459},"2026-01-25",0.78057,{"date":461,"score":324,"percentile":462},"2026-01-26",0.78052,{"date":464,"score":324,"percentile":465},"2026-01-27",0.78051,{"date":467,"score":324,"percentile":468},"2026-01-28",0.78056,{"date":470,"score":324,"percentile":462},"2026-01-29",{"date":472,"score":324,"percentile":468},"2026-01-30",{"date":474,"score":324,"percentile":475},"2026-01-31",0.78058,{"date":477,"score":324,"percentile":478},"2026-02-01",0.78169,[480,485,487],{"source":144,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":481,"cvss_v4_0":9},{"baseScore":142,"baseSeverity":482,"vectorString":145,"impactScore":483,"exploitabilityScore":484},"MEDIUM",4.2,7.2,{"source":150,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":486,"cvss_v4_0":9},{"baseScore":142,"baseSeverity":482,"vectorString":145,"impactScore":483,"ex
ploitabilityScore":484},{"source":151,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":488,"cvss_v4_0":9},{"baseScore":142,"baseSeverity":9,"vectorString":145,"impactScore":483,"exploitabilityScore":484},[490,500,510,515],{"ecosystem":9,"name":491,"vendor":492,"product":491,"cpe_part":493,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":494},"fedora","fedoraproject","o",[495,498],{"version":496,"is_range":138,"range_type":497,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"39","cpe",{"version":499,"is_range":138,"range_type":497,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"40",{"ecosystem":9,"name":501,"vendor":502,"product":501,"cpe_part":503,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":504},"jinja","pallets","a",[505],{"version":506,"is_range":507,"range_type":144,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":509,"fixed_in":9},"\u003C 3.1.4",true,"3.1.4","excluding",{"ecosystem":9,"name":501,"vendor":511,"product":501,"cpe_part":503,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":512},"palletsprojects",[513],{"version":514,"is_range":507,"range_type":497,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":509,"fixed_in":9},"lt3.1.4",{"ecosystem":516,"name":517,"vendor":516,"product":517,"cpe_part":9,"purl_type":518,"purl_namespace":9,"purl_name":517,"source":9,"versions":519},"PyPI","jinja2","pypi",[520],{"version":521,"is_range":507,"range_type":522,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":509,"fixed_in":9},"lt3_1_4","ecosystem"]