Detected a Jinja2 environment without autoescaping. A `jinja2.Environment` does not autoescape by default (the `autoescape` parameter defaults to `False`). If the rendered output reaches a browser and any template variable is attacker-controlled, this allows cross-site scripting (XSS). In a web context, enable autoescaping by passing `autoescape=True`. You may also use `jinja2.select_autoescape()` to enable automatic escaping only for certain template file extensions (by default `html`, `htm` and `xml`).
Likelihood: LOW
Confidence: MEDIUM
CWE: CWE-116: Improper Encoding or Escaping of Output
OWASP: A03:2021 - Injection
incorrect-autoescape-disabled
Detected a Jinja2 environment with autoescaping explicitly disabled (`autoescape=False`). If the rendered output reaches a browser and any template variable is attacker-controlled, this allows cross-site scripting (XSS). In a web context, enable autoescaping by passing `autoescape=True`. You may also use `jinja2.select_autoescape()` to enable automatic escaping only for certain template file extensions (by default `html`, `htm` and `xml`).
Likelihood: LOW
Confidence: MEDIUM
CWE: CWE-116: Improper Encoding or Escaping of Output
OWASP: A03:2021 - Injection
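The two rules above differ only in whether `autoescape` is absent or set to `False`. The following is an added example, not part of this rule catalog, showing the detection logic as a small stdlib-only `ast` pass over a constructed source sample that contains both weak configurations next to the two accepted ones (`autoescape=True` and `autoescape=select_autoescape(...)`). The function names and the sample source are assumptions made for this illustration; a real rule engine would also handle aliased imports and positional arguments.

```python
import ast
from typing import List, Optional, Tuple

# Constructed sample (not from any real project): one Environment per
# finding class, followed by two correctly configured environments.
SAMPLE_SOURCE = '''
import jinja2
from jinja2 import Environment, FileSystemLoader, select_autoescape

env_missing = jinja2.Environment(loader=FileSystemLoader("templates"))
env_disabled = Environment(loader=FileSystemLoader("templates"), autoescape=False)
env_ok = Environment(loader=FileSystemLoader("templates"), autoescape=True)
env_selective = jinja2.Environment(
    loader=FileSystemLoader("templates"),
    autoescape=select_autoescape(["html", "htm", "xml"]),
)
'''

MISSING = "missing-autoescape"            # no autoescape argument at all
DISABLED = "incorrect-autoescape-disabled"  # autoescape=False


def _is_environment_call(node: ast.Call) -> bool:
    """Match both `Environment(...)` and `jinja2.Environment(...)`."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id == "Environment"
    if isinstance(func, ast.Attribute):
        return func.attr == "Environment"
    return False


def _classify(call: ast.Call) -> Optional[str]:
    """Return a finding id for a weak autoescape setting, or None if acceptable."""
    autoescape_kw = next((k for k in call.keywords if k.arg == "autoescape"), None)
    if autoescape_kw is None:
        # Only keyword usage is considered here; a positional autoescape
        # argument (rare in practice) would be missed by this simplified check.
        return MISSING
    value = autoescape_kw.value
    if isinstance(value, ast.Constant) and value.value is False:
        return DISABLED
    # autoescape=True, select_autoescape(...), or a value that cannot be
    # evaluated statically: accepted by this check.
    return None


def find_autoescape_findings(source: str) -> List[Tuple[int, str]]:
    """Scan Python source and return (line number, finding id) pairs."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _is_environment_call(node):
            verdict = _classify(node)
            if verdict is not None:
                findings.append((node.lineno, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in find_autoescape_findings(SAMPLE_SOURCE):
        print(f"line {lineno}: {finding}")
```

Run against the sample, the checker reports the `env_missing` and `env_disabled` lines and stays silent on `env_ok` and `env_selective`. Note that enabling autoescaping only covers values interpolated through `{{ ... }}`; templates that apply the `|safe` filter or pass `markupsafe.Markup` objects still emit raw markup and need review on their own.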