PT-2025-17381 · Unknown+1 · Jinja2 Template Handler+2
Ybdesire
·
Published
2025-04-19
·
Updated
2025-04-19
·
CVE-2025-3804
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
thautwarm vscode-diana version 0.0.1
Description
A critical vulnerability has been found in the Jinja2 Template Handler component of thautwarm vscode-diana. The issue affects an unknown function of the file Gen.py and leads to injection. Local attack is required to exploit this issue. The exploit has been disclosed to the public.
Recommendations
For thautwarm vscode-diana version 0.0.1, consider restricting access to the Jinja2 Template Handler component until a patch is available. As a temporary workaround, avoid using the unknown function of the file Gen.py to minimize the risk of exploitation.
Exploit
Fix
Improper Neutralization
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jinja2
Jinja2 Template Handler
Thautwarm Vscode-Diana