Improper Neutralization of Special Elements Used in a Template Engine
CVE-2025-27516
Summary
Jinja is an extensible templating engine. In Jinja2 versions prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain `format` method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
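The two defender-side checks below are an added example and not part of this advisory or of the Jinja project's own code. Given only the facts above (versions before 3.1.6 are affected; the bypass reaches a string's plain `format` method through the `|attr` filter), they let a reviewer (1) flag requirement or `pip freeze` lines whose Jinja2 pin still permits an affected version and (2) flag template text that reaches `format` through `|attr`, which is worth a look wherever templates come from untrusted sources. The version parser is a deliberately small PEP 440 subset and the `==`/`>=`/`~=` handling, the regexes and the sample inputs are all assumptions made for the example; it uses only the standard library so it runs without Jinja2 installed.

```python
"""Added example for CVE-2025-27516 (not the advisory's or Jinja's code).

Checks:
  is_affected(version)        -> True for Jinja2 versions below 3.1.6
  scan_requirements(text)     -> Jinja2 pins that still permit an affected version
  find_attr_format(template)  -> template lines reaching ``format`` via ``|attr``
"""
import re
from typing import List, Tuple

FIXED_VERSION = "3.1.6"  # from the advisory: versions prior to 3.1.6 are affected

# Assumption: release segment "N.N.N" with an optional pre-release tag (e.g. rc1).
_RELEASE_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-zA-Z]+\d*)?$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Sortable key: (release tuple padded to 3 parts, 0 if pre-release else 1).

    A pre-release such as 3.1.6rc1 therefore sorts below the final 3.1.6.
    """
    m = _RELEASE_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release = release + (0,) * (3 - len(release))  # 3.1 compares like 3.1.0
    is_final = 0 if m.group(2) else 1
    return release, is_final


def is_affected(version: str) -> bool:
    """True if the given Jinja2 version is below the fixed release 3.1.6."""
    return parse_version(version) < parse_version(FIXED_VERSION)


# Assumption: only ==, >= and ~= specifiers are recognised; case-insensitive name.
_PIN_RE = re.compile(r"^(jinja2)\s*(==|>=|~=)\s*([0-9][0-9a-zA-Z.]*)", re.IGNORECASE)


def scan_requirements(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, operator, version) for Jinja2 lines that permit an
    affected version: an exact pin below 3.1.6, or a lower bound below it.
    A bare 'jinja2' with no version is reported with empty operator/version."""
    findings: List[Tuple[int, str, str]] = []
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.split("#", 1)[0].strip()  # drop comments / blanks
        if not stripped:
            continue
        m = _PIN_RE.match(stripped)
        if m:
            op, ver = m.group(2), m.group(3)
            if is_affected(ver):
                findings.append((no, op, ver))
        elif stripped.lower() == "jinja2":
            findings.append((no, "", ""))
    return findings


# The pattern the advisory describes: the |attr filter asked for "format".
_ATTR_FORMAT_RE = re.compile(r"""\|\s*attr\s*\(\s*(['"])format\1\s*\)""")


def find_attr_format(template: str) -> List[int]:
    """Line numbers where template text reaches ``format`` through ``|attr``."""
    return [
        no
        for no, line in enumerate(template.splitlines(), start=1)
        if _ATTR_FORMAT_RE.search(line)
    ]


# Constructed sample inputs (not from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
Flask==3.0.3
Jinja2==3.1.5
markupsafe>=2.1
"""

SAMPLE_TEMPLATE = """\
{# constructed sample template #}
Hello {{ user.name }}
{{ greeting|attr("format") }}
"""

if __name__ == "__main__":
    for no, op, ver in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements line {no}: jinja2{op}{ver} permits a version < {FIXED_VERSION}")
    for no in find_attr_format(SAMPLE_TEMPLATE):
        print(f"template line {no}: |attr(\"format\") reaches str.format; review if untrusted")
```

Run it against a real `pip freeze` dump or `requirements.txt` and the application's template directory; a `>=` lower bound below 3.1.6 is reported as permitting an affected version, not as a confirmed affected install, so confirm the resolved version with `pip show jinja2` before acting on it.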
- LOW
- LOCAL
- PASSIVE
- LOW
CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
References
Advisory Timeline
- Published