Jinja Sandbox Bypass Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in Jinja prior to version 3.1.6 allows arbitrary code execution by bypassing the sandboxed environment. The issue is an oversight in how the sandbox interacts with the |attr filter, which lets an attacker exploit untrusted templates. Jinja's sandbox normally intercepts calls to str.format so that they cannot escape it, but the |attr filter can be used to obtain a string's format method directly, circumventing that protection. Applications that execute untrusted templates are particularly vulnerable.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server where the vulnerable Jinja template is processed.

Reproduction

To reproduce this vulnerability, create a Jinja template that includes the |attr filter applied to a string. The template must be processed in an application that uses Jinja and allows for the execution of untrusted templates. When the template is rendered, the |attr filter can be used to access the string's format method, bypassing the sandbox and executing arbitrary Python code.

Remediation

Users should upgrade to Jinja version 3.1.6 or later, where this vulnerability has been fixed.
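
One way to check a dependency list against the fixed release, as an added example that is not part of the original advisory or of the Jinja project. The function names and the sample requirements text are constructed for illustration, and it assumes pip-style requirement lines.

```python
import re
from importlib import metadata

FIXED = (3, 1, 6)  # first fixed release named in the advisory

# A requirement line for the "jinja2" distribution (not "jinja2-time" etc.),
# with optional extras; the specifier stops at an env marker or a comment.
REQ_RE = re.compile(r"^\s*jinja2(?![\w.-])(?:\[[^\]]*\])?\s*([^;#]*)", re.IGNORECASE)
PIN_RE = re.compile(r"^===?\s*([0-9]+(?:\.[0-9]+)*)\s*$")  # exact numeric pin only

def release_tuple(version):
    """'3.1' -> (3, 1, 0), so short versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return (line_number, specifier, verdict) for every Jinja requirement."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        req = REQ_RE.match(line)
        if not req:
            continue
        spec = req.group(1).strip()
        pin = PIN_RE.match(spec)
        if pin is None:
            verdict = "unpinned"  # range, bare name or pre-release: check what resolves
        elif release_tuple(pin.group(1)) < FIXED:
            verdict = "vulnerable"
        else:
            verdict = "fixed"
        findings.append((number, spec, verdict))
    return findings

def installed_is_vulnerable():
    """True/False for the Jinja in this interpreter, None if it is not installed."""
    try:
        version = metadata.version("jinja2")
    except metadata.PackageNotFoundError:
        return None
    release = re.match(r"[0-9]+(?:\.[0-9]+)*", version)
    return release_tuple(release.group(0)) < FIXED

# Constructed sample input, not taken from any real project.
SAMPLE = """\
flask==3.0.3
Jinja2==3.1.5
jinja2[i18n]>=3.0  # range
jinja2-time==0.2.0
jinja2 == 3.1.6 ; python_version >= "3.8"
"""
```

An "unpinned" verdict means the line alone does not show which version is installed, so the resolved environment still has to be checked, for example with installed_is_vulnerable().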

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 7.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.