{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T06:38:17.828","vulnerabilities":[{"cve":{"id":"CVE-2024-56201","sourceIdentifier":"security-advisories@github.com","published":"2024-12-23T16:15:07.410","lastModified":"2025-09-22T17:45:28.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5."},{"lang":"es","value":"Jinja es un motor de plantillas extensible. Antes de 3.1.5, un error en el compilador de Jinja permitía a un atacante que controlaba tanto el contenido como el nombre de archivo de una plantilla ejecutar código Python arbitrario, independientemente de si se utilizaba el entorno limitado de Jinja. Para aprovechar la vulnerabilidad, un atacante necesita controlar tanto el nombre del archivo como el contenido de una plantilla. Que ese sea el caso depende del tipo de aplicación que utilice Jinja. Esta vulnerabilidad afecta a los usuarios de aplicaciones que ejecutan plantillas que no son de confianza donde el autor de la plantilla también puede elegir el nombre del archivo de la plantilla. Esta vulnerabilidad se solucionó en 3.1.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.5","matchCriteriaId":"A50631DE-4A4A-4B19-81C0-4D0597588D7A"}]}]}],"references":[{"url":"https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pallets/jinja/issues/1792","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/pallets/jinja/releases/tag/3.1.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}