Tag
cve-2024-22195
Safeguard articles tagged "cve-2024-22195" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
CVE-2024-22195: how Jinja2's xmlattr filter opened an XSS hole
A single filter in Jinja, xmlattr, could inject arbitrary HTML attributes and slip past autoescaping entirely — fixed in Jinja 3.1.3, tracked as CVE-2024-22195.
Jul 7, 20266 min read
Vulnerability Analysis
Jinja2 xmlattr filter XSS (CVE-2024-22195)
CVE-2024-22195 lets attacker-controlled dict keys bypass Jinja2's xmlattr escaping for XSS. Learn affected versions, CVSS/EPSS context, and fixes.
Dec 26, 20257 min read