How severe is CVE-2024-56201?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-56201?

This is classified as CWE-150, which is a common weakness in software security.

CVE-2024-56201 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.

Related Vulnerabilities

CVE-2022-30123

CRITICAL

CVSS:10.0(Critical)

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

CWE-1502022

CVE-2023-26055

CRITICAL

CVSS:9.9(Critical)

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be e...

CWE-1502023

CVE-2025-47284

CRITICAL

CVSS:9.9(Critical)

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116...

CWE-1502025

CVE-2017-0899

CRITICAL

CVSS:9.8(Critical)

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequen...

CWE-1502017

CVE-2023-3265

CRITICAL

CVSS:9.8(Critical)

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "...

CWE-1502023

CVE-2025-25286

CRITICAL

CVSS:9.8(Critical)

Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessibl...

CWE-1502025