{"id":"USN-7343-2","summary":"jinja2 regression","details":"USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a\nregression when attempting to import Jinja2 on Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nRafal Krupinski discovered that Jinja2 did not properly restrict\nthe execution of code in situations where templates are used maliciously.\nAn attacker with control over a template's filename and content could\npotentially use this issue to enable the execution of arbitrary code.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2024-56201)\n\nIt was discovered that Jinja2 sandboxed environments could be escaped\nthrough a call to a string format method. An attacker could possibly use\nthis issue to enable the execution of arbitrary code. This issue only\naffected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326)\n\nIt was discovered that Jinja2 sandboxed environments could be escaped\nthrough the malicious use of certain filters. An attacker could possibly\nuse this issue to enable the execution of arbitrary code. (CVE-2025-27516)\n","modified":"2026-02-10T04:47:18Z","published":"2025-03-12T19:30:54Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7343-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/2102129"}],"affected":[{"package":{"name":"jinja2","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/jinja2@2.10-1ubuntu0.18.04.1+esm5?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-1ubuntu0.18.04.1+esm5"}]}],"versions":["2.9.6-1","2.10-1","2.10-1ubuntu0.18.04.1","2.10-1ubuntu0.18.04.1+esm1","2.10-1ubuntu0.18.04.1+esm2","2.10-1ubuntu0.18.04.1+esm3","2.10-1ubuntu0.18.04.1+esm4"],"ecosystem_specific":{"binaries":[{"binary_name":"python-jinja2","binary_version":"2.10-1ubuntu0.18.04.1+esm5"},{"binary_name":"python3-jinja2","binary_version":"2.10-1ubuntu0.18.04.1+esm5"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7343-2.json"}},{"package":{"name":"jinja2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/jinja2@2.10.1-2ubuntu0.6?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.1-2ubuntu0.6"}]}],"versions":["2.10-2ubuntu1","2.10-2ubuntu2","2.10.1-1ubuntu1","2.10.1-2","2.10.1-2ubuntu0.2","2.10.1-2ubuntu0.3","2.10.1-2ubuntu0.4","2.10.1-2ubuntu0.5"],"ecosystem_specific":{"binaries":[{"binary_name":"python-jinja2","binary_version":"2.10.1-2ubuntu0.6"},{"binary_name":"python3-jinja2","binary_version":"2.10.1-2ubuntu0.6"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7343-2.json"}}],"schema_version":"1.7.3"}