logo_clicknbuy.png

CVE-2025-3841 – Wix Incubator Jam Jinja2 Template Handler Template Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2025-3841 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Apr. 21, 2025

    Action Type Old Value New Value
    Added Description A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config[‘template’] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    Added CVSS V2 (AV:L/AC:L/Au:S/C:N/I:P/A:N)
    Added CWE CWE-791
    Added CWE CWE-1336
    Added Reference https://github.com/wix-incubator/jam/issues/1
    Added Reference https://vuldb.com/?ctiid.305769
    Added Reference https://vuldb.com/?id.305769
    Added Reference https://vuldb.com/?submit.555905
  • CVE Modified
    by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 21, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/wix-incubator/jam/issues/1
Share the Post:

Related Posts