-> Vulnerability found in jinja2 version 3.1.4
Vulnerability ID: 70612
Affected spec: >=0
ADVISORY: In Jinja2, the from_string function is prone to Server
Side Template Injection (SSTI) where it takes the "source" parameter as a
template object, renders it, and then returns it. The attacker can exploit
it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple
third parties believe that this vulnerability isn't valid because users
shouldn't use untrusted templates without sandboxing.
CVE-2019-8341
For more information about this vulnerability, visit
https://data.safetycli.com/v/70612/97c
To ignore this vulnerability, use PyUp vulnerability id 70612 in safety’s
ignore command-line argument or add the ignore to your safety policy file.
Using open-source vulnerability database
Found and scanned 103 packages
Timestamp 2024-06-07 21:36:11
1 vulnerability reported
0 vulnerabilities ignored
+==============================================================================+
VULNERABILITIES REPORTED
+==============================================================================+