[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-56201":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":35,"aliases":36,"duplicate_of":9,"upstream":38,"downstream":39,"duplicates":86,"related":87,"reserved_at":9,"published_at":128,"modified_at":129,"state":130,"summary":131,"references_raw":140,"kevs":176,"epss":177,"epss_history":180,"metrics":448,"affected":467},"CVE-2024-56201","Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-150","Improper Neutralization of Escape, Meta, or Control Sequences","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","weakness","Incomplete","Variant",[19,23,27,31],{"id":20,"name":21,"techniques":22},"CAPEC-134","Email Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":28,"name":29,"techniques":30},"CAPEC-81","Web Server Logs Tampering",[],{"id":32,"name":33,"techniques":34},"CAPEC-93","Log Injection-Tampering-Forging",[],[],[37],"GHSA-gmj6-6f8f-6699",[],[40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":41},"ALPINE-CVE-2024-56201",{"_key":43},"UBUNTU-CVE-2024-56201",{"_key":45},"USN-7244-1",{"_key":47},"SUSE-SU-2025:0006-1",{"_key":49},"OPENSUSE-SU-2025:14997-1",{"_key":51},"SUSE-SU-2025:20117-1",{"_key":53},"SUSE-SU-2025:20254-1",{"_key":55},"DEBIAN-CVE-2024-56201",{"_key":57},"USN-7343-1",{"_key":59},"RHSA-2025:0308",{"_key":61},"RHSA-2025:0335",{"_key":63},"RHSA-2025:0338",{"_key":65},"RHSA-2025:0345",{"_key":67},"RHSA-2025:0656",{"_key":69},"RHSA-2025:0721",{"_key":71},"RHSA-2025:0777",{"_key":73},"RHSA-2025:0830",{"_key":75},"RHSA-2025:0834",{"_key":77},"RHSA-2025:0842",{"_key":79},"RHSA-2025:1118",{"_key":81},"RHSA-2025:1130",{"_key":83},"RHSA-2025:1861",{"_key":85},"RHSA-2025:3491",[],[88,89,90,91,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":93},"CGA-2589-9XPR-FMP7",{"_key":95},"CGA-372M-J842-XPMM",{"_key":97},"CGA-5JXW-7GV5-JV29",{"_key":99},"CGA-6PVQ-6WW4-F29G",{"_key":101},"CGA-9FMG-5576-4H3W",{"_key":103},"CGA-9X7G-9RFP-4XHM",{"_key":105},"CGA-F7CF-H8JG-FWMV",{"_key":107},"CGA-GVVW-7W3R-7M54",{"_key":109},"CGA-H79H-32W2-7VMP",{"_key":111},"CGA-JJJ9-FV4H-C9CV",{"_key":113},"CGA-JR6G-XXJR-RGC8",{"_key":115},"CGA-MVQG-6J62-4PJM",{"_key":117},"CGA-Q48P-2QPP-M58H",{"_key":119},"CGA-VJ5F-6MC5-Q329",{"_key":121},"CGA-VM55-CFMF-JR9R",{"_key":123},"CGA-W9XC-2J9J-8RRV",{"_key":125},"CGA-WHF8-42P9-686Q",{"_key":127},"CGA-CXRH-G24G-3973","2024-12-23T15:37:36.110Z","2025-02-18T21:47:42.763Z","Analyzed",{"cisa_kev":132,"cisa_ransomware":132,"cisa_vendor":9,"epss_severity":133,"epss_score":134,"severity":135,"severity_score":136,"severity_version":137,"severity_source":138,"severity_vector":139,"severity_status":130},false,"low",0.00573,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[141,150,156,161,166,171],{"url":142,"sources":143,"tags":146},"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",[144,138,145],"cve.org","osv_pypi",[147,148,149],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":151,"sources":152,"tags":153},"https://github.com/pallets/jinja/issues/1792",[144,138,145],[154,155,149],"X Refsource MISC","Issue Tracking",{"url":157,"sources":158,"tags":159},"https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",[144,138,145],[154,160,149],"Patch",{"url":162,"sources":163,"tags":164},"https://github.com/pallets/jinja/releases/tag/3.1.5",[144,138,145],[154,165,149],"Release Notes",{"url":167,"sources":168,"tags":169},"https://nvd.nist.gov/vuln/detail/CVE-2024-56201",[145],[170],"Advisory",{"url":172,"sources":173,"tags":174},"https://github.com/pallets/jinja",[145],[175],"PACKAGE",[],{"date":178,"score":134,"percentile":179},"2026-06-04",0.69094,[181,185,188,191,194,197,200,203,206,209,212,215,218,221,224,228,231,234,237,240,243,246,249,252,255,258,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,331,334,337,340,343,346,349,352,355,358,361,364,367,369,372,375,378,381,384,386,389,392,395,397,399,402,405,407,410,413,416,419,422,425,428,432,435,438,441,445],{"date":182,"score":183,"percentile":184},"2025-11-04",0.00031,0.0796,{"date":186,"score":183,"percentile":187},"2025-11-05",0.07983,{"date":189,"score":183,"percentile":190},"2025-11-06",0.08093,{"date":192,"score":183,"percentile":193},"2025-11-07",0.08113,{"date":195,"score":183,"percentile":196},"2025-11-08",0.0812,{"date":198,"score":183,"percentile":199},"2025-11-09",0.08088,{"date":201,"score":183,"percentile":202},"2025-11-10",0.08058,{"date":204,"score":183,"percentile":205},"2025-11-11",0.08087,{"date":207,"score":183,"percentile":208},"2025-11-12",0.08103,{"date":210,"score":183,"percentile":211},"2025-11-13",0.08143,{"date":213,"score":183,"percentile":214},"2025-11-14",0.08206,{"date":216,"score":183,"percentile":217},"2025-11-15",0.08237,{"date":219,"score":183,"percentile":220},"2025-11-16",0.08253,{"date":222,"score":183,"percentile":223},"2025-11-17",0.08244,{"date":225,"score":226,"percentile":227},"2025-11-18",0.00082,0.20162,{"date":229,"score":226,"percentile":230},"2025-11-19",0.20172,{"date":232,"score":226,"percentile":233},"2025-11-20",0.20146,{"date":235,"score":183,"percentile":236},"2025-11-21",0.08353,{"date":238,"score":183,"percentile":239},"2025-11-22",0.08291,{"date":241,"score":183,"percentile":242},"2025-11-23",0.08286,{"date":244,"score":183,"percentile":245},"2025-11-24",0.08273,{"date":247,"score":183,"percentile":248},"2025-11-25",0.0827,{"date":250,"score":183,"percentile":251},"2025-11-26",0.08277,{"date":253,"score":183,"percentile":254},"2025-11-27",0.08278,{"date":256,"score":183,"percentile":257},"2025-11-28",0.08256,{"date":259,"score":183,"percentile":239},"2025-11-29",{"date":261,"score":183,"percentile":262},"2025-11-30",0.0829,{"date":264,"score":183,"percentile":265},"2025-12-01",0.08322,{"date":267,"score":183,"percentile":268},"2025-12-02",0.08342,{"date":270,"score":183,"percentile":271},"2025-12-03",0.08366,{"date":273,"score":183,"percentile":274},"2025-12-04",0.08356,{"date":276,"score":183,"percentile":277},"2025-12-05",0.08369,{"date":279,"score":183,"percentile":280},"2025-12-06",0.08388,{"date":282,"score":183,"percentile":283},"2025-12-07",0.08394,{"date":285,"score":183,"percentile":286},"2025-12-08",0.08389,{"date":288,"score":183,"percentile":289},"2025-12-09",0.08427,{"date":291,"score":183,"percentile":292},"2025-12-10",0.08496,{"date":294,"score":183,"percentile":295},"2025-12-11",0.08535,{"date":297,"score":183,"percentile":298},"2025-12-12",0.08549,{"date":300,"score":183,"percentile":301},"2025-12-13",0.08565,{"date":303,"score":183,"percentile":304},"2025-12-14",0.08563,{"date":306,"score":183,"percentile":307},"2025-12-15",0.0849,{"date":309,"score":183,"percentile":310},"2025-12-16",0.08514,{"date":312,"score":183,"percentile":313},"2025-12-17",0.08599,{"date":315,"score":183,"percentile":316},"2025-12-18",0.08655,{"date":318,"score":183,"percentile":319},"2025-12-19",0.08657,{"date":321,"score":183,"percentile":322},"2025-12-20",0.08647,{"date":324,"score":183,"percentile":325},"2025-12-21",0.08589,{"date":327,"score":183,"percentile":328},"2025-12-22",0.0854,{"date":330,"score":183,"percentile":328},"2025-12-23",{"date":332,"score":183,"percentile":333},"2025-12-24",0.08554,{"date":335,"score":183,"percentile":336},"2025-12-25",0.08631,{"date":338,"score":183,"percentile":339},"2025-12-26",0.08632,{"date":341,"score":183,"percentile":342},"2025-12-27",0.08615,{"date":344,"score":183,"percentile":345},"2025-12-28",0.08629,{"date":347,"score":183,"percentile":348},"2025-12-29",0.0861,{"date":350,"score":183,"percentile":351},"2025-12-30",0.08576,{"date":353,"score":183,"percentile":354},"2025-12-31",0.08628,{"date":356,"score":183,"percentile":357},"2026-01-01",0.08688,{"date":359,"score":183,"percentile":360},"2026-01-02",0.08684,{"date":362,"score":183,"percentile":363},"2026-01-03",0.08683,{"date":365,"score":183,"percentile":366},"2026-01-04",0.08613,{"date":368,"score":183,"percentile":304},"2026-01-05",{"date":370,"score":183,"percentile":371},"2026-01-06",0.08548,{"date":373,"score":183,"percentile":374},"2026-01-07",0.08586,{"date":376,"score":183,"percentile":377},"2026-01-08",0.08659,{"date":379,"score":183,"percentile":380},"2026-01-09",0.0867,{"date":382,"score":183,"percentile":383},"2026-01-10",0.08682,{"date":385,"score":183,"percentile":336},"2026-01-11",{"date":387,"score":183,"percentile":388},"2026-01-12",0.08602,{"date":390,"score":183,"percentile":391},"2026-01-13",0.08567,{"date":393,"score":183,"percentile":394},"2026-01-14",0.08604,{"date":396,"score":183,"percentile":313},"2026-01-15",{"date":398,"score":183,"percentile":354},"2026-01-16",{"date":400,"score":183,"percentile":401},"2026-01-17",0.08648,{"date":403,"score":183,"percentile":404},"2026-01-18",0.08609,{"date":406,"score":183,"percentile":301},"2026-01-19",{"date":408,"score":183,"percentile":409},"2026-01-20",0.08521,{"date":411,"score":183,"percentile":412},"2026-01-21",0.08508,{"date":414,"score":183,"percentile":415},"2026-01-22",0.08475,{"date":417,"score":183,"percentile":418},"2026-01-23",0.0857,{"date":420,"score":183,"percentile":421},"2026-01-24",0.08636,{"date":423,"score":183,"percentile":424},"2026-01-25",0.08608,{"date":426,"score":183,"percentile":427},"2026-01-26",0.08568,{"date":429,"score":430,"percentile":431},"2026-01-27",0.0011,0.29812,{"date":433,"score":430,"percentile":434},"2026-01-28",0.29798,{"date":436,"score":430,"percentile":437},"2026-01-29",0.29757,{"date":439,"score":430,"percentile":440},"2026-01-30",0.29749,{"date":442,"score":443,"percentile":444},"2026-01-31",0.00459,0.63517,{"date":446,"score":443,"percentile":447},"2026-02-01",0.63662,[449,454,461],{"source":144,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":450},{"baseScore":451,"baseSeverity":452,"vectorString":453,"impactScore":9,"exploitabilityScore":9},5.4,"MEDIUM","CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":138,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":459},{"baseScore":136,"baseSeverity":456,"vectorString":139,"impactScore":457,"exploitabilityScore":458},"HIGH",10,5.1,{"baseScore":451,"baseSeverity":452,"vectorString":460,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":145,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":462,"cvss_v4_0":466},{"baseScore":136,"baseSeverity":9,"vectorString":463,"impactScore":464,"exploitabilityScore":465},"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,7.2,{"baseScore":451,"baseSeverity":9,"vectorString":453,"impactScore":9,"exploitabilityScore":9},[468,480,486],{"ecosystem":9,"name":469,"vendor":470,"product":469,"cpe_part":471,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"jinja","pallets","a",[473],{"version":474,"is_range":475,"range_type":144,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":479,"fixed_in":9},">= 3.0.0, \u003C 3.1.5",true,"3.0.0","including","3.1.5","excluding",{"ecosystem":9,"name":469,"vendor":481,"product":469,"cpe_part":471,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":482},"palletsprojects",[483],{"version":484,"is_range":475,"range_type":485,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":479,"fixed_in":9},"gte3.0.0_lt3.1.5","cpe",{"ecosystem":487,"name":488,"vendor":487,"product":488,"cpe_part":9,"purl_type":489,"purl_namespace":9,"purl_name":488,"source":9,"versions":490},"PyPI","jinja2","pypi",[491],{"version":492,"is_range":475,"range_type":493,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":479,"fixed_in":9},"gte3_0_0_lt3_1_5","ecosystem"]