CVE-2025-27516

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Debian logo
Debian Releases
Debian Product
Codename
jinja2
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
vulnerable
sid
3.1.6-1
fixed
trixie
3.1.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jinja2
oracular
Fixed 3.1.3-1ubuntu1.24.10.2
released
noble
Fixed 3.1.2-1ubuntu1.3
released
jammy
Fixed 3.0.3-1ubuntu0.4
released
focal
Fixed 2.10.1-2ubuntu0.5
released
bionic
Fixed 2.10-1ubuntu0.18.04.1+esm4
released
xenial
Fixed 2.8-1ubuntu0.1+esm5
released
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7