com.hubspot.jinjava:jinjava
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.hubspot.jinjava:jinjava
- CVE-2018-18893 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.6 | 2019-01-03
vulnerable: 1.0.0 ... 2.4.5 (65 versions)
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.
- CVE-2020-12668 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.5.4 | 2021-02-19
vulnerable: 1.0.0 ... 2.5.3 (79 versions)
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
- CVE-2025-59340 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.8.1 | 2025-09-17
vulnerable: 2.8.0
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper …
- CVE-2026-25526 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.8.3 | 2026-02-04
vulnerable: 2.8.0, 2.8.1, 2.8.2
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitra…