Vulnerabilities > Palletsprojects > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2024-22195 | Cross-site Scripting vulnerability in Palletsprojects Jinja Jinja is an extensible templating engine. | 6.1 |
| 2021-02-01 | CVE-2020-28493 | Resource Exhaustion vulnerability in multiple products This affects the package jinja2 from 0.0.0 and before 2.11.3. | 5.3 |
| 2020-11-18 | CVE-2020-28724 | Open Redirect vulnerability in Palletsprojects Werkzeug Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 5.8 |
| 2019-07-17 | CVE-2019-1010083 | Unspecified vulnerability in Palletsprojects Flask The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. | 5.0 |
| 2019-04-08 | CVE-2016-10745 | Use of Externally-Controlled Format String vulnerability in Palletsprojects Jinja In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 5.0 |
| 2018-08-20 | CVE-2018-1000656 | Improper Input Validation vulnerability in multiple products The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. | 5.0 |
| 2017-10-23 | CVE-2016-10516 | Cross-site Scripting vulnerability in Palletsprojects Werkzeug Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | 4.3 |