The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence types. #2032
Calling sync render for an async template uses asyncio.run. #1952
Return an aclose-able AsyncGenerator from Template.generate_async. #1960
Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
Avoid leaving async generators unclosed in blocks, includes and extends. #1960
The runtime uses the correct concat function for the current environment when calling block references. #1701
Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
|int filter handles OverflowError from scientific notation. #1921
Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
Fix copy/pickle support for the internal missing object. #2027
Environment.overlay(enable_async) is applied correctly. #2061
The error message from FileSystemLoader includes the paths that were searched. #1661
PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
Improve annotations for methods returning copies. #1880
urlize does not add mailto: to values like @a@b. #1870
Tests decorated with @pass_context can be used with the |select filter. #1624
Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
GHSA-q2x7-8rv6-6q7h (CVE-2024-56326): Sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built into Jinja, but they could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.

Rated as 5.4/10 (Moderate)

GHSA-gmj6-6f8f-6699 (CVE-2024-56201): Sandbox breakout through malicious filenames

A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used.

To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.

Rated as 5.4/10 (Moderate)

This is a security update.

Release Notes
Version 3.1.5
Released 2024-12-21
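The mechanism behind GHSA-q2x7-8rv6-6q7h and the shape of its fix, modelled in plain Python as an added example (not Jinja's own code): the sandbox wraps str.format at the moment a template reads the attribute, so even a reference that is stored and later invoked by a custom filter still goes through a sandboxed formatter that applies the attribute rule to every {0.attr} and {0[key]} lookup. Sandbox, SandboxedFormatter, is_safe_attribute and render_via_filter are simplified stand-ins for Jinja's internals; formatter_field_name_split is the CPython helper that string.Formatter itself uses.

```python
"""Model of the fix for GHSA-q2x7-8rv6-6q7h (constructed, not Jinja's own code): wrap str.format
when a template accesses it, so a stored reference passed to a filter that calls it stays sandboxed."""
from _string import formatter_field_name_split  # CPython helper that string.Formatter itself uses
from string import Formatter

class SecurityError(Exception):
    """Template reached for something the sandbox forbids."""

def is_safe_attribute(name):
    return not str(name).startswith("_")  # Jinja-like rule: no private or dunder names

class SandboxedFormatter(Formatter):
    """Resolves {0.attr} and {0[key]} inside a format string through the sandbox."""
    def __init__(self, sandbox):
        self.sandbox = sandbox
    def get_field(self, field_name, args, kwargs):
        first, rest = formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, key in rest:
            obj = self.sandbox.getattr(obj, key) if is_attr else self.sandbox.getitem(obj, key)
        return obj, first

class Sandbox:
    """Minimal stand-in for a sandboxed environment's attribute and item access (hypothetical)."""
    def getattr(self, obj, name):
        value = getattr(obj, name)
        wrapped = self.wrap_str_format(value)
        if wrapped is not None:  # the fix: wrap at access time, not only at call time
            return wrapped
        if not is_safe_attribute(name):
            raise SecurityError(f"access to {name!r} on {type(obj).__name__} is unsafe")
        return value
    def getitem(self, obj, key):
        if not is_safe_attribute(key):
            raise SecurityError(f"access to item {key!r} is unsafe")
        return obj[key]
    def wrap_str_format(self, value):
        bound_to = getattr(value, "__self__", None)  # a bound some_str.format has __self__ == some_str
        if getattr(value, "__name__", "") != "format" or not isinstance(bound_to, str):
            return None
        formatter = SandboxedFormatter(self)
        return lambda *args, **kwargs: formatter.vformat(bound_to, args, kwargs)

def render_via_filter(template_str, arg):
    """Emulates {{ template_str.format | apply(arg) }} where |apply calls its argument."""
    format_ref = Sandbox().getattr(template_str, "format")  # stored reference, not a call
    try:
        return format_ref(arg)  # the custom filter finally calling it
    except SecurityError as exc:
        return f"blocked: {exc}"
```

Without the access-time wrapping, format_ref would be the raw builtin and the filter's call would bypass every check the sandbox performs on direct calls.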