Fix Jinja2 — CVE-2024-34064 MEDIUM
Fix CVE-2024-34064 (MEDIUM) in Jinja2 for PyPI. Paste your requirements.txt into PackageFix and get a patched version — no CLI, no signup. XSS via the xmlattr filter with keys containing spaces.
⚠ Vulnerability
CVE-2024-34064 (MEDIUM) — XSS via xmlattr filter with keys containing spaces in Jinja2 versions below 3.1.4.
Vulnerable Version — requirements.txt
Jinja2==3.0.0
Fixed Version — requirements.txt
Jinja2==3.1.4
✓ Fix
Update Jinja2 to 3.1.4 or later. Run pip install -r requirements.txt to apply. Verify with your ecosystem's audit tool after updating.
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2024-34064 |
| Severity | MEDIUM |
| Package | Jinja2 (PyPI) |
| Vulnerable versions | Below 3.1.4 |
| Safe version | 3.1.4 |
| CISA KEV | — |
| Description | XSS via xmlattr filter with keys containing spaces |
Frequently Asked Questions
What is CVE-2024-34064?
CVE-2024-34064 is a MEDIUM severity vulnerability in Jinja2 (PyPI). It allows XSS via the xmlattr filter with keys containing spaces. Update to version 3.1.4 or later to fix it.
How do I fix CVE-2024-34064 in Jinja2?
Update Jinja2 to version 3.1.4 in your requirements.txt. Run pip install -r requirements.txt after updating to apply the fix.
Is CVE-2024-34064 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2024-34064?
Paste your requirements.txt into PackageFix. If your installed version of Jinja2 is below 3.1.4, you are affected. PackageFix shows the exact CVE ID and fix version.
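The same check can be run locally. The script below is an added example, not PackageFix's code: it scans requirements.txt text for Jinja2 pins below the 3.1.4 fix version given on this page. The function names and the sample manifest are constructed for illustration.

```python
import re

FIXED = (3, 1, 4)  # first safe Jinja2 release per this page

# "name[extras]==X.Y.Z" exact pins with a purely numeric version
PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)\s*$"
)

def normalize(name):
    """PEP 503 name normalization: Jinja2, jinja2 and JINJA2 are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """'3.1' -> (3, 1, 0) so short versions compare correctly against FIXED."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return (line_number, status) for every Jinja2 line that needs attention."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop comments and environment markers before matching
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith("-"):  # blank line or pip option (-r, -e)
            continue
        name = re.split(r"[\s\[<>=!~]", line, maxsplit=1)[0]
        if normalize(name) != "jinja2":
            continue
        pin = PIN_RE.match(line)
        if pin is None:
            findings.append((lineno, "review"))  # range, wildcard or pre-release
        elif release_tuple(pin.group(2)) < FIXED:
            findings.append((lineno, "vulnerable"))
    return findings

# Constructed sample manifest, not taken from a real project
SAMPLE = "\n".join([
    "# constructed sample manifest",
    "Flask==3.0.3",
    "Jinja2==3.0.0",
    'jinja2[i18n]==3.1.3 ; python_version >= "3.8"',
    "JINJA2==3.1.4",
    "Jinja2>=3.0  # range, not an exact pin",
    "MarkupSafe==2.1.5",
])

if __name__ == "__main__":
    for lineno, status in audit_requirements(SAMPLE):
        print(f"line {lineno}: {status}")
```

A manifest that never names Jinja2 can still install it as a dependency of another package, so also confirm the installed version with pip show Jinja2.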