  1. OpenShift Application Platform Engineering
  2. OAPE-159

[Upstream] CVE-2025-27516: Ansible-operator-plugin: Jinja sandbox breakout through attr filter selecting format method


    • Story
    • Resolution: Done
    • Critical
    • Operator SDK
    • Future Sustainability
    • 3
    • OAPE Sprint 268
    • 1

      Currently, the upstream https://github.com/operator-framework/ansible-operator-plugins project uses jinja2 v3.1.5, which is vulnerable per CVE-2025-27516.

      Create an issue upstream and propose a PR to fix the CVE upstream.

      This vulnerability is fixed in v3.1.6.

      References

      • https://www.cve.org/CVERecord?id=CVE-2025-27516
      • https://nvd.nist.gov/vuln/detail/CVE-2025-27516
      • GHSA-cpwx-vrp4-4pq7
      • pallets/jinja@90457bb 
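
      One way to confirm that a dependency file no longer admits a Jinja2 release below the fixed v3.1.6, as an added example that is not code from this issue or from the upstream project. It assumes requirements.txt-style pins; the function names and the sample lines are hypothetical and constructed for illustration.

```python
import re

FIXED = (3, 1, 6)  # first Jinja2 release with the CVE-2025-27516 fix, per this issue

# Requirement line for the jinja2 package itself (not jinja2-time etc.).
REQ = re.compile(r"^\s*jinja2(?![\w.-])\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.IGNORECASE)
CLAUSE = re.compile(r"^(==|>=|<=|~=|!=|>|<)\s*(\d+(?:\.\d+)*)$")

def parse_version(text):
    """Turn '3.1.5' into (3, 1, 5), padded to at least three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def allows_vulnerable(spec):
    """True if the specifier set can resolve to a Jinja2 release below FIXED."""
    clauses = [c.strip() for c in spec.split(",") if c.strip()]
    lower_bound_ok = False
    for clause in clauses:
        m = CLAUSE.match(clause)
        if not m:
            return True  # wildcard or unknown syntax: flag for manual review
        op, ver = m.group(1), parse_version(m.group(2))
        # Only these operators can raise the minimum allowed version.
        if op in ("==", ">=", "~=", ">") and ver >= FIXED:
            lower_bound_ok = True
    return not lower_bound_ok  # unpinned or low-pinned lines are flagged

def scan(lines):
    """Return (line_number, text) for each jinja2 requirement that admits < FIXED."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = REQ.match(line)
        # Drop pip options such as --hash before reading the specifiers.
        if m and allows_vulnerable(m.group("spec").split("--")[0]):
            findings.append((number, line.strip()))
    return findings

# Constructed sample input, not taken from the upstream repository.
SAMPLE = """\
example-package==1.0.0
Jinja2==3.1.5
jinja2>=3.1.6,<4
jinja2~=3.1
jinja2-time==0.2.0
# jinja2==3.1.5 (commented out)
jinja2==3.1.6 --hash=sha256:placeholder
""".splitlines()

if __name__ == "__main__":
    for number, text in scan(SAMPLE):
        print(f"line {number}: {text} admits Jinja2 < 3.1.6")
```

      A compatible-release pin such as `jinja2~=3.1` is flagged because it still lets a resolver select v3.1.5.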

              rh-ee-ckyal Chirag Kyal