GHSA-cpwx-vrp4-4pq7
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Details
An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.
To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.
Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, the `|attr` filter performed its own attribute lookup, so it could be used to obtain a reference to a string's plain `format` method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
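The design lesson behind this advisory is that a sandbox with one checked attribute-lookup path is only as strong as the code paths that actually use it. The toy model below is written for this page and is not Jinja's code; it assumes a sandbox whose `getattr` wraps any bound `str.format` it hands out (so field lookups inside the format string are themselves sandboxed) and treats underscore-prefixed attributes as unsafe. `attr_filter_bypassing` mirrors the shape of a filter that calls the builtin `getattr` and re-checks attribute safety itself, while `attr_filter_fixed` routes through the environment's lookup; `Config` is a constructed sample object.

```python
"""Toy model of sandboxed str.format handling (not Jinja's code)."""
import _string  # CPython helper used by string.Formatter to split "0.name" fields
import functools
import string
import types


class SecurityError(Exception):
    """Raised when template code touches something the sandbox forbids."""


class SandboxedFormatter(string.Formatter):
    """Formatter whose field attribute lookups go through the sandbox."""

    def __init__(self, sandbox):
        super().__init__()
        self.sandbox = sandbox

    def get_field(self, field_name, args, kwargs):
        first, rest = _string.formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, key in rest:
            # "{0.name}" -> sandboxed attribute lookup; "{0[key]}" -> item lookup
            obj = self.sandbox.getattr(obj, key) if is_attr else obj[key]
        return obj, first


class ToySandbox:
    """Single checked lookup path, modelled on SandboxedEnvironment.getattr."""

    def is_safe_attribute(self, obj, attr):
        return not attr.startswith("_")

    def wrap_str_format(self, value):
        """Return a sandboxed replacement for a bound str.format, else None."""
        if not isinstance(value, types.BuiltinMethodType) or value.__name__ != "format":
            return None
        owner = value.__self__
        if not isinstance(owner, str):
            return None
        formatter = SandboxedFormatter(self)

        @functools.wraps(value)  # looks like str.format to callers
        def wrapper(*args, **kwargs):
            return formatter.vformat(owner, args, kwargs)

        return wrapper

    def getattr(self, obj, attr):
        value = getattr(obj, attr)
        wrapped = self.wrap_str_format(value)
        if wrapped is not None:
            return wrapped
        if not self.is_safe_attribute(obj, attr):
            raise SecurityError(f"attribute {attr!r} is not safe to access")
        return value


def attr_filter_bypassing(env, obj, name):
    """Filter that re-implements the check: never sees wrap_str_format."""
    value = getattr(obj, name)
    if not env.is_safe_attribute(obj, name):
        raise SecurityError(f"attribute {name!r} is not safe to access")
    return value


def attr_filter_fixed(env, obj, name):
    """Filter that defers to the environment's single lookup path."""
    return env.getattr(obj, name)


class Config:
    """Constructed sample object with one public and one private attribute."""
    name = "demo"
    _secret = "s3cr3t"


def returns_plain_builtin(filter_fn):
    """True if the filter hands back the raw builtin str.format method."""
    fmt = filter_fn(ToySandbox(), "{0.name}", "format")
    return isinstance(fmt, types.BuiltinMethodType)


def render_with(filter_fn, template, arg):
    """Format `template` with `arg` via the method the filter returns."""
    fmt = filter_fn(ToySandbox(), template, "format")
    try:
        return fmt(arg)
    except SecurityError:
        return "BLOCKED"


if __name__ == "__main__":
    print(returns_plain_builtin(attr_filter_bypassing))       # True
    print(returns_plain_builtin(attr_filter_fixed))           # False
    print(render_with(attr_filter_fixed, "{0.name}", Config()))
    print(render_with(attr_filter_fixed, "{0._secret}", Config()))
```

A useful regression check for code that embeds a sandboxed template engine follows the same shape as `returns_plain_builtin`: assert that every filter or helper exposed to templates returns the sandbox-wrapped object, not the underlying builtin, so a second lookup path cannot quietly drift away from the sandbox's rules.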
References
- https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2025-27516 [ADVISORY]
- https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403 [WEB]
- https://github.com/pallets/jinja [PACKAGE]
- https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html [WEB]
- https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html [WEB]