A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This…
VulDB·CWE-791·Published 2025-04-21
Es wurde eine problematische Schwachstelle in wix-incubator jam bis e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei jam.py der Komponente Jinja2 Template Handler. Mit der Manipulation des Arguments config['template'] mit unbekannten Daten kann eine improper neutralization of special elements used in a template engine-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Se encontró una vulnerabilidad clasificada como problemática en el archivo jam de wix-incubator hasta e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. Esta vulnerabilidad afecta a una parte desconocida del archivo jam.py del componente Jinja2 Template Handler. La manipulación del argumento config['template'] provoca la neutralización incorrecta de elementos especiales utilizados en un motor de plantillas. Es posible lanzar el ataque en el host local. Se ha hecho público el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una distribución continua. Por lo tanto, no se dispone de información sobre las versiones afectadas ni sobre las actualizadas.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 1.7 | — | — | AV:L/AC:L/Au:S/C:N/I:P/A:N |
| 2.0 | Primary | cve.org | 1.7 | — | — | AV:L/AC:L/Au:S/C:N/I:P/A:N |
| 2.0 | Secondary | NVD | 1.7 | 3.1 | 2.9 | AV:L/AC:L/Au:S/C:N/I:P/A:N |
| 3.0 | Primary | cve.org | 3.3 | — | — | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.0 | Primary | cve.org | 3.3 | — | — | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 3.3 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Primary | cve.org | 3.3 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Secondary | NVD | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 4.0 | Primary | cve.org | 4.8 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Primary | cve.org | 4.8 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 4.8 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |