Nautobot is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sandboxing of the environments used by the Jinja2 template engine when Nautobot renders templates internally for objects such as `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret` and `extras.Webhook`. Because these templates are rendered through the `nautobot.utilities.utils.render_jinja2` helper function without an adequate sandbox, an attacker who can define or edit one of these objects can inject maliciously crafted template code that is executed during rendering.
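The following is an added example, not Nautobot's own code: a rendering helper in the style of the `render_jinja2` function described above, shown in its weak form (a plain `jinja2.Environment`) beside a hardened form built on `jinja2.sandbox.SandboxedEnvironment`, plus a validation check an application can run when a template-bearing object is saved. It assumes the `jinja2` package is installed; the `Device` class and the templates are constructed sample data.

```python
"""Weak vs. sandboxed Jinja2 rendering (added example, not nautobot's code)."""
from jinja2 import Environment, StrictUndefined  # assumption: jinja2 is installed
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


def render_unsandboxed(template_text: str, context: dict) -> str:
    # Weak pattern: a plain Environment lets the template author reach every
    # attribute of every object placed in the rendering context.
    return Environment().from_string(template_text).render(**context)


def render_jinja2_sandboxed(template_text: str, context: dict) -> str:
    # Hardened helper: SandboxedEnvironment treats attributes whose name starts
    # with an underscore (and other unsafe callables) as unsafe. StrictUndefined
    # turns such an access into a SecurityError instead of a silent empty string.
    env = SandboxedEnvironment(autoescape=False, undefined=StrictUndefined)
    return env.from_string(template_text).render(**context)


def is_template_safe(template_text: str, context: dict) -> bool:
    """Return True if the template renders under the sandbox and False if the
    sandbox rejects it. Intended as a save-time check for template-bearing
    objects (custom links, export templates, webhook bodies, ...)."""
    try:
        render_jinja2_sandboxed(template_text, context)
    except SecurityError:
        return False
    return True


class Device:
    """Constructed stand-in for a model instance exposed to a template."""

    def __init__(self, name: str, site: str):
        self.name = name
        self.site = site


if __name__ == "__main__":
    ctx = {"obj": Device("edge-router-1", "nyc")}
    benign = "{{ obj.name }} at {{ obj.site | upper }}"
    private = "{{ obj.__class__ }}"  # reaches a private attribute of the object
    print(render_jinja2_sandboxed(benign, ctx))  # edge-router-1 at NYC
    print(render_unsandboxed(private, ctx))  # plain Environment allows it
    print(is_template_safe(private, ctx))  # False: the sandbox rejects it
```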