CVE-2026-46345: compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
Relevant Products/Components:
trestle/core/commands/author/jinja.pytrestle author jinja
References
- github.com/advisories/GHSA-4q5v-7g7x-j79w
- github.com/oscal-compass/compliance-trestle/commit/247fcce289f60103f3d8e28d8ec51a6986b94fb6
- github.com/oscal-compass/compliance-trestle/commit/7d107b3ac53caca7bde97a6278b23cd739d94525
- github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-4q5v-7g7x-j79w
- nvd.nist.gov/vuln/detail/CVE-2026-46345
Code Behaviors & Features
Detect and mitigate CVE-2026-46345 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →