CVE-2019-10906 (https://nvd.nist.gov/vuln/detail/CVE-2019-10906): In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
*** This bug has been marked as a duplicate of bug 685844 ***