[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-56326":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":301,"aliases":302,"duplicate_of":9,"upstream":304,"downstream":305,"duplicates":382,"related":383,"reserved_at":9,"published_at":429,"modified_at":430,"state":431,"summary":432,"references_raw":441,"kevs":476,"epss":477,"epss_history":480,"metrics":745,"affected":762},"CVE-2024-56326","Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built into Jinja, but they could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. 
This vulnerability is fixed in 3.1.5.",null,[11,294],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-693","Protection Mechanism Failure","The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.","weakness","Draft","Pillar",[19,67,71,130,172,176,180,184,188,192,202,206,223,227,238,286,290],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-107","Cross Site Tracing",[],{"id":72,"name":73,"techniques":74},"CAPEC-127","Directory Indexing",[75],{"id":76,"name":77,"tactics":78,"countermeasures":82},"T1083","File and Directory Discovery",[79],{"id":80,"name":81},"TA0102","Discovery",[83,87,91,96,101,105,109,114,118,122,126],{"id":84,"name":85,"tactic":86},"D3-FA","File Analysis",{"name":56},{"id":88,"name":89,"tactic":90},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":92,"name":93,"tactic":94},"D3-FEV","File Eviction",{"name":95},"Evict",{"id":97,"name":98,"tactic":99},"D3-DF","Decoy 
File",{"name":100},"Deceive",{"id":102,"name":103,"tactic":104},"D3-FE","File Encryption",{"name":61},{"id":106,"name":107,"tactic":108},"D3-RF","Restore File",{"name":66},{"id":110,"name":111,"tactic":112},"D3-LFP","Local File Permissions",{"name":113},"Isolate",{"id":115,"name":116,"tactic":117},"D3-CF","Content Filtering",{"name":113},{"id":119,"name":120,"tactic":121},"D3-RFAM","Remote File Access Mediation",{"name":113},{"id":123,"name":124,"tactic":125},"D3-CQ","Content Quarantine",{"name":113},{"id":127,"name":128,"tactic":129},"D3-CM","Content Modification",{"name":113},{"id":131,"name":132,"techniques":133},"CAPEC-17","Using Malicious Files",[134,154],{"id":135,"name":136,"tactics":137,"countermeasures":143},"T1574.005","Executable Installer File Permissions Weakness",[138,139,140,141,142],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[144,146,148,150,152],{"id":44,"name":45,"tactic":145},{"name":47},{"id":49,"name":50,"tactic":147},{"name":47},{"id":53,"name":54,"tactic":149},{"name":56},{"id":58,"name":59,"tactic":151},{"name":61},{"id":63,"name":64,"tactic":153},{"name":66},{"id":24,"name":25,"tactics":155,"countermeasures":161},[156,157,158,159,160],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[162,164,166,168,170],{"id":44,"name":45,"tactic":163},{"name":47},{"id":49,"name":50,"tactic":165},{"name":47},{"id":53,"name":54,"tactic":167},{"name":56},{"id":58,"name":59,"tactic":169},{"name":61},{"id":63,"name":64,"tactic":171},{"name":66},{"id":173,"name":174,"techniques":175},"CAPEC-20","Encryption Brute Forcing",[],{"id":177,"name":178,"techniques":179},"CAPEC-22","Exploiting Trust in Client",[],{"id":181,"name":182,"techniques":183},"CAPEC-237","Escaping a Sandbox by Calling Code in Another Language",[],{"id":185,"name":186,"techniques":187},"CAPEC-36","Using Unpublished Interfaces or 
Functionality",[],{"id":189,"name":190,"techniques":191},"CAPEC-477","Signature Spoofing by Mixing Signed and Unsigned Content",[],{"id":193,"name":194,"techniques":195},"CAPEC-480","Escaping Virtualization",[196],{"id":197,"name":198,"tactics":199,"countermeasures":201},"T1611","Escape to Host",[200],{"id":31,"name":32},[],{"id":203,"name":204,"techniques":205},"CAPEC-51","Poison Web Service Registry",[],{"id":207,"name":208,"techniques":209},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[210],{"id":211,"name":212,"tactics":213,"countermeasures":218},"T1040","Network Sniffing",[214,217],{"id":215,"name":216},"TA0031","Credential Access",{"id":80,"name":81},[219],{"id":220,"name":221,"tactic":222},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":224,"name":225,"techniques":226},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":228,"name":229,"techniques":230},"CAPEC-65","Sniff Application Code",[231],{"id":211,"name":212,"tactics":232,"countermeasures":235},[233,234],{"id":215,"name":216},{"id":80,"name":81},[236],{"id":220,"name":221,"tactic":237},{"name":56},{"id":239,"name":240,"techniques":241},"CAPEC-668","Key Negotiation of Bluetooth Attack (KNOB)",[242],{"id":243,"name":244,"tactics":245,"countermeasures":249},"T1565.002","Transmitted Data Manipulation",[246],{"id":247,"name":248},"TA0105","Impact",[250,254,258,262,266,270,274,278,282],{"id":251,"name":252,"tactic":253},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":255,"name":256,"tactic":257},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":259,"name":260,"tactic":261},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":263,"name":264,"tactic":265},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":267,"name":268,"tactic":269},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":271,"name":272,"tactic":273},"D3-APCA","Application Protocol Command 
Analysis",{"name":56},{"id":275,"name":276,"tactic":277},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":279,"name":280,"tactic":281},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":283,"name":284,"tactic":285},"D3-NTF","Network Traffic Filtering",{"name":113},{"id":287,"name":288,"techniques":289},"CAPEC-74","Manipulating State",[],{"id":291,"name":292,"techniques":293},"CAPEC-87","Forceful Browsing",[],{"_key":295,"id":295,"name":296,"description":297,"type":15,"status":298,"abstraction":299,"likelihood_of_exploit":9,"capec":300},"CWE-1336","Improper Neutralization of Special Elements Used in a Template Engine","The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.","Incomplete","Base",[],[],[303],"GHSA-q2x7-8rv6-6q7h",[],[306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380],{"_key":307},"ALPINE-CVE-2024-56326",{"_key":309},"SUSE-SU-2025:0016-1",{"_key":311},"UBUNTU-CVE-2024-56326",{"_key":313},"USN-7244-1",{"_key":315},"SUSE-SU-2025:0006-1",{"_key":317},"SUSE-SU-2025:0029-1",{"_key":319},"OPENSUSE-SU-2025:14997-1",{"_key":321},"DLA-4126-1",{"_key":323},"SUSE-SU-2025:20117-1",{"_key":325},"SUSE-SU-2025:20254-1",{"_key":327},"MGASA-2025-0050",{"_key":329},"DEBIAN-CVE-2024-56326",{"_key":331},"USN-7343-1",{"_key":333},"RHSA-2025:0308",{"_key":335},"RHSA-2025:0335",{"_key":337},"RHSA-2025:0338",{"_key":339},"RHSA-2025:0345",{"_key":341},"RHSA-2025:0656",{"_key":343},"RHSA-2025:0667",{"_key":345},"RHSA-2025:0711",{"_key":347},"RHSA-2025:0721",{"_key":349},"RHSA-2025:0777",{"_key":351},"RHSA-2025:0830",{"_key":353},"RHSA-2025:0834",{"_key":355},"RHSA-2025:0842",{"_key":357},"RHSA-2025:0850",{"_key":359},"RHSA-2025:0883",{"_key
":361},"RHSA-2025:0950",{"_key":363},"RHSA-2025:0951",{"_key":365},"RHSA-2025:0978",{"_key":367},"RHSA-2025:1109",{"_key":369},"RHSA-2025:1118",{"_key":371},"RHSA-2025:1130",{"_key":373},"RHSA-2025:1250",{"_key":375},"RHSA-2025:1861",{"_key":377},"RHSA-2025:2399",{"_key":379},"RHSA-2025:2612",{"_key":381},"RHSA-2025:4576",[],[384,385,386,387,388,389,390,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427],{"_key":309},{"_key":315},{"_key":317},{"_key":319},{"_key":323},{"_key":325},{"_key":327},{"_key":392},"CGA-3CJ4-2JG2-4QM3",{"_key":394},"CGA-48M9-G63W-3PMJ",{"_key":396},"CGA-4QCP-6R5P-MJG3",{"_key":398},"CGA-6G29-XF5C-XRQ4",{"_key":400},"CGA-79FR-PVJG-J9XM",{"_key":402},"CGA-8R3M-HVVJ-88FF",{"_key":404},"CGA-98JF-GJQ4-76GH",{"_key":406},"CGA-CRFR-R549-CVMG",{"_key":408},"CGA-F7WQ-CRQM-V76F",{"_key":410},"CGA-GM37-P355-3FQ6",{"_key":412},"CGA-H3V9-XGX5-MRGR",{"_key":414},"CGA-HVM4-VP8W-6Q8R",{"_key":416},"CGA-P9V5-JPJ2-Q3WW",{"_key":418},"CGA-RX48-PGCW-GX64",{"_key":420},"CGA-V3RH-G84V-9H7H",{"_key":422},"CGA-W2XV-8GR2-XP8M",{"_key":424},"CGA-WXQH-34VM-G4HV",{"_key":426},"CGA-X4CQ-2PGW-PJ4R",{"_key":428},"CGA-VF88-6CVH-MXCH","2024-12-23T15:43:49.400Z","2025-11-03T19:32:16.045Z","Modified",{"cisa_kev":433,"cisa_ransomware":433,"cisa_vendor":9,"epss_severity":434,"epss_score":435,"severity":436,"severity_score":437,"severity_version":438,"severity_source":439,"severity_vector":440,"severity_status":431},false,"low",0.0057,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[442,451,457,462,466,471],{"url":443,"sources":444,"tags":447},"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h",[439,445,446],"nvd","osv_pypi",[448,449,450],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":452,"sources":453,"tags":454},"https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4",[439,445,446],[455,456,450],"X Refsource 
MISC","Patch",{"url":458,"sources":459,"tags":460},"https://github.com/pallets/jinja/releases/tag/3.1.5",[439,445,446],[455,461,450],"Release Notes",{"url":463,"sources":464,"tags":465},"https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html",[439,445,446],[450],{"url":467,"sources":468,"tags":469},"https://nvd.nist.gov/vuln/detail/CVE-2024-56326",[446],[470],"Advisory",{"url":472,"sources":473,"tags":474},"https://github.com/pallets/jinja",[446],[475],"PACKAGE",[],{"date":478,"score":435,"percentile":479},"2026-06-04",0.68966,[481,485,488,491,494,497,500,503,506,509,512,515,517,520,523,527,530,533,536,540,543,546,549,552,554,557,560,563,566,569,572,575,578,581,584,587,589,592,595,598,600,603,606,609,612,615,618,621,624,627,630,632,635,638,641,643,646,649,652,655,658,661,664,667,670,672,675,678,681,683,686,689,692,695,698,701,704,707,710,713,716,718,720,723,726,729,732,735,738,742],{"date":482,"score":483,"percentile":484},"2025-11-04",0.0012,0.31679,{"date":486,"score":483,"percentile":487},"2025-11-05",0.31655,{"date":489,"score":483,"percentile":490},"2025-11-06",0.31662,{"date":492,"score":483,"percentile":493},"2025-11-07",0.31681,{"date":495,"score":483,"percentile":496},"2025-11-08",0.31682,{"date":498,"score":483,"percentile":499},"2025-11-09",0.31659,{"date":501,"score":483,"percentile":502},"2025-11-10",0.3161,{"date":504,"score":483,"percentile":505},"2025-11-11",0.31627,{"date":507,"score":483,"percentile":508},"2025-11-12",0.31672,{"date":510,"score":483,"percentile":511},"2025-11-13",0.31691,{"date":513,"score":483,"percentile":514},"2025-11-14",0.31695,{"date":516,"score":483,"percentile":514},"2025-11-15",{"date":518,"score":483,"percentile":519},"2025-11-16",0.3166,{"date":521,"score":483,"percentile":522},"2025-11-17",0.31636,{"date":524,"score":525,"percentile":526},"2025-11-18",0.0051,0.63808,{"date":528,"score":525,"percentile":529},"2025-11-19",0.6382,{"date":531,"score":525,"percentile":532},"2025-11-20",0.63821,{"date":534,"score"
:483,"percentile":535},"2025-11-21",0.31676,{"date":537,"score":538,"percentile":539},"2025-11-22",0.00094,0.26942,{"date":541,"score":538,"percentile":542},"2025-11-23",0.26898,{"date":544,"score":538,"percentile":545},"2025-11-24",0.26867,{"date":547,"score":538,"percentile":548},"2025-11-25",0.26858,{"date":550,"score":538,"percentile":551},"2025-11-26",0.26849,{"date":553,"score":538,"percentile":548},"2025-11-27",{"date":555,"score":538,"percentile":556},"2025-11-28",0.26827,{"date":558,"score":538,"percentile":559},"2025-11-29",0.2681,{"date":561,"score":538,"percentile":562},"2025-11-30",0.26784,{"date":564,"score":538,"percentile":565},"2025-12-01",0.26837,{"date":567,"score":538,"percentile":568},"2025-12-02",0.2686,{"date":570,"score":538,"percentile":571},"2025-12-03",0.26865,{"date":573,"score":538,"percentile":574},"2025-12-04",0.26801,{"date":576,"score":538,"percentile":577},"2025-12-05",0.26839,{"date":579,"score":538,"percentile":580},"2025-12-06",0.26838,{"date":582,"score":538,"percentile":583},"2025-12-07",0.26806,{"date":585,"score":538,"percentile":586},"2025-12-08",0.26811,{"date":588,"score":538,"percentile":545},"2025-12-09",{"date":590,"score":538,"percentile":591},"2025-12-10",0.26941,{"date":593,"score":538,"percentile":594},"2025-12-11",0.26972,{"date":596,"score":538,"percentile":597},"2025-12-12",0.26982,{"date":599,"score":538,"percentile":597},"2025-12-13",{"date":601,"score":538,"percentile":602},"2025-12-14",0.26946,{"date":604,"score":538,"percentile":605},"2025-12-15",0.26916,{"date":607,"score":538,"percentile":608},"2025-12-16",0.26927,{"date":610,"score":538,"percentile":611},"2025-12-17",0.26985,{"date":613,"score":538,"percentile":614},"2025-12-18",0.27038,{"date":616,"score":538,"percentile":617},"2025-12-19",0.27052,{"date":619,"score":538,"percentile":620},"2025-12-20",0.27025,{"date":622,"score":538,"percentile":623},"2025-12-21",0.26988,{"date":625,"score":538,"percentile":626},"2025-12-22",0.26959,{"date":628,"score":5
38,"percentile":629},"2025-12-23",0.26926,{"date":631,"score":538,"percentile":591},"2025-12-24",{"date":633,"score":538,"percentile":634},"2025-12-25",0.27016,{"date":636,"score":538,"percentile":637},"2025-12-26",0.27004,{"date":639,"score":538,"percentile":640},"2025-12-27",0.26992,{"date":642,"score":538,"percentile":605},"2025-12-28",{"date":644,"score":538,"percentile":645},"2025-12-29",0.26885,{"date":647,"score":538,"percentile":648},"2025-12-30",0.26881,{"date":650,"score":538,"percentile":651},"2025-12-31",0.26948,{"date":653,"score":538,"percentile":654},"2026-01-01",0.27054,{"date":656,"score":538,"percentile":657},"2026-01-02",0.27055,{"date":659,"score":538,"percentile":660},"2026-01-03",0.27036,{"date":662,"score":538,"percentile":663},"2026-01-04",0.26938,{"date":665,"score":538,"percentile":666},"2026-01-05",0.26924,{"date":668,"score":538,"percentile":669},"2026-01-06",0.2693,{"date":671,"score":538,"percentile":626},"2026-01-07",{"date":673,"score":538,"percentile":674},"2026-01-08",0.27006,{"date":676,"score":538,"percentile":677},"2026-01-09",0.26994,{"date":679,"score":538,"percentile":680},"2026-01-10",0.26964,{"date":682,"score":538,"percentile":591},"2026-01-11",{"date":684,"score":538,"percentile":685},"2026-01-12",0.26896,{"date":687,"score":538,"percentile":688},"2026-01-13",0.26877,{"date":690,"score":538,"percentile":691},"2026-01-14",0.26921,{"date":693,"score":538,"percentile":694},"2026-01-15",0.26918,{"date":696,"score":538,"percentile":697},"2026-01-16",0.2695,{"date":699,"score":538,"percentile":700},"2026-01-17",0.26953,{"date":702,"score":538,"percentile":703},"2026-01-18",0.26903,{"date":705,"score":538,"percentile":706},"2026-01-19",0.26859,{"date":708,"score":538,"percentile":709},"2026-01-20",0.26842,{"date":711,"score":538,"percentile":712},"2026-01-21",0.26789,{"date":714,"score":538,"percentile":715},"2026-01-22",0.26767,{"date":717,"score":538,"percentile":577},"2026-01-23",{"date":719,"score":538,"percentile":565},"2026
-01-24",{"date":721,"score":538,"percentile":722},"2026-01-25",0.26758,{"date":724,"score":538,"percentile":725},"2026-01-26",0.26673,{"date":727,"score":538,"percentile":728},"2026-01-27",0.26657,{"date":730,"score":538,"percentile":731},"2026-01-28",0.26649,{"date":733,"score":538,"percentile":734},"2026-01-29",0.26606,{"date":736,"score":538,"percentile":737},"2026-01-30",0.26601,{"date":739,"score":740,"percentile":741},"2026-01-31",0.00336,0.55922,{"date":743,"score":740,"percentile":744},"2026-02-01",0.56062,[746,755,759],{"source":439,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":747,"cvss_v4_0":751},{"baseScore":437,"baseSeverity":748,"vectorString":440,"impactScore":749,"exploitabilityScore":750},"HIGH",9.8,4.6,{"baseScore":752,"baseSeverity":753,"vectorString":754,"impactScore":9,"exploitabilityScore":9},5.4,"MEDIUM","CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":445,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":756,"cvss_v4_0":757},{"baseScore":437,"baseSeverity":748,"vectorString":440,"impactScore":749,"exploitabilityScore":750},{"baseScore":752,"baseSeverity":753,"vectorString":758,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":446,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":760,"cvss_v4_0":761},{"baseScore":437,"baseSeverity":9,"vectorString":440,"impactScore":749,"exploitabilityScore":750},{"baseScore":752,"baseSeverity":9,"vectorString":754,"impactScore":9,"exploitabilityScore":9},[763,773,779],{"ecosystem":9,"name":764,"vendor":765,"product":764,"cpe_part":766,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":767},"jinja","pallets","a",[768],{"version":769,"is_range":770,"range_type":439,"version_start":9,"version_start_type":9,"version_end":771,"version_end_type":772,"fixed_in":9},"\u003C 
3.1.5",true,"3.1.5","excluding",{"ecosystem":9,"name":764,"vendor":774,"product":764,"cpe_part":766,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":775},"palletsprojects",[776],{"version":777,"is_range":770,"range_type":778,"version_start":9,"version_start_type":9,"version_end":771,"version_end_type":772,"fixed_in":9},"lt3.1.5","cpe",{"ecosystem":780,"name":781,"vendor":780,"product":781,"cpe_part":9,"purl_type":782,"purl_namespace":9,"purl_name":781,"source":9,"versions":783},"PyPI","jinja2","pypi",[784],{"version":785,"is_range":770,"range_type":786,"version_start":9,"version_start_type":9,"version_end":771,"version_end_type":772,"fixed_in":9},"lt3_1_5","ecosystem"]