Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinjas sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
Weakness
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jinja | Palletsprojects | 3.0.0 (including) | 3.1.5 (excluding) |
| Ansible Automation Platform Execution Environments | RedHat | ansible-automation-platform/ee-minimal-rhel8:2.16.14-3 | * |
| Ansible Automation Platform Execution Environments | RedHat | ansible-automation-platform/ee-minimal-rhel9:2.18.1-4 | * |
| Ansible Automation Platform Execution Environments | RedHat | ansible-automation-platform/ee-minimal-rhel8:2.12.10-59 | * |
| Ansible Automation Platform Execution Environments | RedHat | ansible-automation-platform/ee-minimal-rhel9:2.18.2-4 | * |
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-server-rhel9:1.12.0-1 | * |
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-ui-rhel9:1.12.0-1 | * |
| Ironic content for Red Hat OpenShift Container Platform 4.12 | RedHat | python-jinja2-0:3.0.1-6.el9.2 | * |
| Ironic content for Red Hat OpenShift Container Platform 4.13 | RedHat | python-jinja2-0:3.0.1-6.el9.2 | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | automation-controller-0:4.5.17-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | python3x-jinja2-0:3.1.5-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-33 | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | automation-controller-0:4.5.17-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | python-jinja2-0:3.1.5-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 8 | RedHat | ansible-automation-platform-25/lightspeed-rhel8:2.5.250107-1 | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 8 | RedHat | automation-controller-0:4.6.7-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 8 | RedHat | python3.11-jinja2-0:3.1.5-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 9 | RedHat | automation-controller-0:4.6.7-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 9 | RedHat | python3.11-jinja2-0:3.1.5-1.el9ap | * |
| Red Hat Developer Hub 1.3 on RHEL 9 | RedHat | rhdh-hub-container-1.3-138 | * |
| Red Hat Enterprise Linux 9 | RedHat | fence-agents-0:4.10.0-76.el9_5.4 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | fence-agents-0:4.10.0-20.el9_0.20 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | fence-agents-0:4.10.0-43.el9_2.11 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | fence-agents-0:4.10.0-62.el9_4.10 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | python-jinja2-0:3.0.1-6.el9.2 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | python-jinja2-0:3.0.1-6.el9.2 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | python-jinja2-0:3.0.1-6.el9.2 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | openshift4/ose-ansible-rhel9-operator:v4.17.0-202501300634.p0.g9cb5839.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | python-jinja2-0:3.1.5-1.el9 | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-ansible-core-0:2.14.2-4.6.el9ost | * |
| Red Hat Satellite 6.15 for RHEL 8 | RedHat | python-jinja2-0:3.1.5-1.el8pc | * |
| Red Hat Satellite 6.15 for RHEL 8 | RedHat | python-jinja2-0:3.1.5-1.el8pc | * |
| Red Hat Developer Hub 1.5 | RedHat | rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665 | * |
| Red Hat Developer Hub (RHDH) 1.4 | RedHat | rhdh/rhdh-hub-rhel9:sha256:d8268197ba0466643efb818fcad8f0fc29e32463f75b0f7f51d9ce75ec717572 | * |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-model-registry-rhel8:sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f | * |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-model-registry-rhel8:sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f | * |
| Jinja2 | Ubuntu | esm-infra-legacy/trusty | * |
| Jinja2 | Ubuntu | esm-infra/bionic | * |
| Jinja2 | Ubuntu | esm-infra/focal | * |
| Jinja2 | Ubuntu | esm-infra/xenial | * |
| Jinja2 | Ubuntu | focal | * |
| Jinja2 | Ubuntu | jammy | * |
| Jinja2 | Ubuntu | noble | * |
| Jinja2 | Ubuntu | oracular | * |
| Jinja2 | Ubuntu | upstream | * |
Potential Mitigations
- Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/134.html
- https://cwe.mitre.org/data/definitions/41.html
- https://cwe.mitre.org/data/definitions/81.html
- https://cwe.mitre.org/data/definitions/93.html