wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-04 03:42:59 +02:00
Code Issues Projects Releases Wiki Activity

Update jinja2 requirement to ~=3.1.6

Browse source 
Fixes 5 critical security vulnerabilities:
- CVE-2025-27516: Sandbox breakout through attr filter
- CVE-2024-56201: Sandbox breakout through malicious filenames  
- CVE-2024-56326: Sandbox breakout through indirect format method
- CVE-2024-34064: HTML attribute injection via xmlattr filter
- CVE-2024-22195: HTML attribute injection with spaces in xmlattr

All tests pass with the new version.
This commit is contained in:
dependabot[bot] 2025-08-02 23:42:21 -04:00 committed by GitHub
parent b901cc91be
commit 5c6896d307
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
requirements.txt
View file

@ -1,3 +1,3 @@
ansible==9.1.0
jinja2~=3.0.3
jinja2~=3.1.3
netaddr