PYSEC-2026-1471 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...