CVE-2025-3841

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/wix-incubator/jam/issues/1
https://vuldb.com/?ctiid.305769
https://vuldb.com/?id.305769
https://vuldb.com/?submit.555905
https://github.com/wix-incubator/jam/issues/1

Configurations

No configuration.

History

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad clasificada como problemática en el archivo jam de wix-incubator hasta e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. Esta vulnerabilidad afecta a una parte desconocida del archivo jam.py del componente Jinja2 Template Handler. La manipulación del argumento config['template'] provoca la neutralización incorrecta de elementos especiales utilizados en un motor de plantillas. Es posible lanzar el ataque en el host local. Se ha hecho público el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una distribución continua. Por lo tanto, no se dispone de información sobre las versiones afectadas ni sobre las actualizadas.

21 Apr 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-21 20:15

Updated : 2025-04-23 14:08

NVD link : CVE-2025-3841

Mitre link : CVE-2025-3841

CVE.ORG link : CVE-2025-3841

JSON object : View

Products Affected

No product.

CWE

CWE-791

Incomplete Filtering of Special Elements

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-3841

3.3^/10

1.7^/10

Attach tags to `CVE-2025-3841`