Bump jinja2 to 3.1.5 in llvm/docs/requirements-hashed.txt #16717

Merged
merged 1 commit into from
Jan 21, 2025

lucyli-ca
Contributor

PR to bump dependency version to resolve security vulnerability found.

In the current version, Jinja has a sandbox breakout through malicious filenames - a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used.

Additional details:
Weaknesses: CWE-150
CVE ID: CVE-2024-56201

@lucyli-ca lucyli-ca requested a review from a team as a code owner January 21, 2025 16:14
@sarnex sarnex merged commit ac035eb into intel:sycl Jan 21, 2025
6 checks passed
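
An added example, not part of the PR or the project's code: a check that reads a pip hashed requirements file such as `llvm/docs/requirements-hashed.txt` and reports whether its jinja2 pin is below 3.1.5, the version this PR moves to. The sample file contents and hash values are constructed placeholders, and `check_jinja2` is a hypothetical helper name.

```python
import re

FIXED = (3, 1, 5)  # jinja2 version this PR pins to

# Constructed sample in hashed-requirements layout; hashes are placeholders.
SAMPLE = """\
jinja2==3.1.4 \\
    --hash=sha256:<placeholder-hash-1> \\
    --hash=sha256:<placeholder-hash-2>
    # via sphinx
markupsafe==2.1.5 \\
    --hash=sha256:<placeholder-hash-3>
"""

# Assumption: pins are plain numeric releases (no rc/post/dev suffixes).
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9]+(?:\.[0-9]+)*)")

def logical_lines(text):
    """Join backslash-continued lines so each requirement is one string."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # comment lines such as "# via sphinx"
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def check_jinja2(text, fixed=FIXED):
    """Return one finding per jinja2 pin: version, vulnerable flag, hash count."""
    findings = []
    for req in logical_lines(text):
        m = PIN.match(req)
        # Normalise the project name so "Jinja2" and "jinja2" compare equal.
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "jinja2":
            continue
        version = tuple(int(p) for p in m.group(2).split("."))
        findings.append({"version": m.group(2),
                         "vulnerable": version < fixed,
                         "hashes": len(re.findall(r"--hash=\S+", req))})
    return findings

if __name__ == "__main__":
    print(check_jinja2(SAMPLE))
```

A pin reported with `hashes` equal to 0 is worth a second look, since a hashed requirements file is expected to carry at least one hash per package.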