Uncategorized CVE-2019-10906 - April 7, 2019 - admin In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. Source: NIST CVE-2019-10906