High-severity vulnerabilities issues related to Jinja2

There are two high-severity vulnerabilities affecting Jinja2, which appears to be bundled at build time under the following path in the repository:

📁 [robotframework-ls/src/robotframework_ls/vendored](https://github.com/robocorp/robotframework-lsp/tree/master/robotframework-ls/src/robotframework_ls/vendored)

⚠️ Affected CVEs:
[CVE-2024-56201](https://github.com/advisories/GHSA-gmj6-6f8f-6699)

[CVE-2024-56326](https://github.com/advisories/GHSA-q2x7-8rv6-6q7h)

These vulnerabilities may expose users to code execution risks or template injection attacks, depending on how Jinja2 is used internally.

✅ Recommended Action:
To address these issues, upgrade Jinja2 to version 3.1.5 or later.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

High-severity vulnerabilities issues related to Jinja2 #1091

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

High-severity vulnerabilities issues related to Jinja2 #1091

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions