From ${URL} :

In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. The core of the issue is that Python's string format method that was added to strings can be used to discover potentially dangerous values including configuration values.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10745
https://palletsprojects.com/blog/jinja-281-released/
https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16

@security: please check if this issue needs a GLSA.
Vulnerable Version not in Tree
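
Added example, not part of the bug report and not the Jinja patch: it shows why plain str.format can surface configuration values through field traversal, next to a stricter stand-in check that rejects such fields. The classes, the SECRET_KEY value and the function names are constructed for illustration.

```python
from string import Formatter


class AppConfig:
    """Constructed stand-in for configuration reachable from a template value."""
    def __init__(self):
        self.settings = {"SECRET_KEY": "constructed-example-value"}


class User:
    """Constructed object handed to the format call; it links to the config."""
    def __init__(self, name, app):
        self.name = name
        self.app = app


def traversing_fields(fmt):
    """Return replacement fields that use attribute (.) or index ([]) access."""
    found = []
    for _literal, field, spec, _conv in Formatter().parse(fmt):
        if field is None:          # trailing literal text, no field
            continue
        if "." in field or "[" in field:
            found.append(field)
        if spec:                   # specs can nest fields, e.g. {0:{1.x}}
            found.extend(traversing_fields(spec))
    return found


def guarded_format(fmt, *args, **kwargs):
    """Format only when no field walks into an argument's attributes or items."""
    bad = traversing_fields(fmt)
    if bad:
        raise ValueError("field traversal not allowed: %r" % bad)
    return fmt.format(*args, **kwargs)


def demo():
    user = User("alice", AppConfig())
    # Plain str.format follows .attr and [key] from the argument it was given.
    leaked = "{0.app.settings[SECRET_KEY]}".format(user)
    safe = guarded_format("hello {0}", user.name)
    flagged = traversing_fields("{0.app.settings[SECRET_KEY]} {1:{2.w}}")
    return leaked, safe, flagged


if __name__ == "__main__":
    print(demo())
```

The check is deliberately stricter than a sandbox needs to be: it refuses all traversal instead of deciding which attributes are safe.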