CVE-2016-10745 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. Source: NIST CVE-2016-10745 April 8, 2019 by admin Uncategorized