copier is vulnerable to Path Traversal
60
Medium Risk
Affected versions of this package are vulnerable to path traversal due to improper sanitization of user-controlled paths during Jinja template rendering. The vulnerable code exposed raw string paths in the rendering context, allowing directory escape sequences (e.g., ../../) to be accepted. An attacker could craft malicious input (e.g., setting answers_relpath to ../../../etc/passwd) during template generation. When the application uses this value to resolve file paths, the traversal sequences can redirect operations to unintended file system locations, potentially exposing sensitive data, enabling remote code execution, or compromising the system.
You are affected if you are using a version that falls within the vulnerable range.
copier is vulnerable to Path Traversal in versions 7.1.0 - 9.9.0.
Upgrade the copier library to a patched version.
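As an added illustration of the mitigation (this is example code, not copier's own fix), the check below resolves a template-rendered relative path such as answers_relpath against the destination directory and rejects any value that escapes it; the function names, the destination directory /srv/app and the sample values are all assumptions made here.

```python
from pathlib import Path


def resolve_inside(dst_root: str, rendered_relpath: str) -> Path:
    """Resolve a template-rendered relative path under dst_root.

    Returns the absolute destination path, or raises ValueError if the
    rendered value (e.g. an answers_relpath of "../../../etc/passwd") would
    escape the destination tree. Both sides are resolved so that ".."
    components and symlinks are collapsed before the containment check;
    the check is component-wise, so "/srv/app2" is not treated as being
    inside "/srv/app" the way a naive string-prefix test would.
    """
    root = Path(dst_root).resolve()
    # Joining discards `root` entirely when rendered_relpath is absolute,
    # so reject absolute values explicitly instead of relying on the join.
    if Path(rendered_relpath).is_absolute():
        raise ValueError(f"absolute path not allowed: {rendered_relpath!r}")
    candidate = (root / rendered_relpath).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(
            f"{rendered_relpath!r} escapes destination {root}"
        ) from None
    return candidate


def is_inside_destination(dst_root: str, rendered_relpath: str) -> bool:
    """Boolean form of resolve_inside, convenient for validating answers."""
    try:
        resolve_inside(dst_root, rendered_relpath)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values; the destination directory need not exist.
    for value in (".copier-answers.yml", "sub/../.copier-answers.yml",
                  "../../../etc/passwd", "/etc/passwd"):
        print(f"{value!r:32} -> {is_inside_destination('/srv/app', value)}")
```

Because a symlink inside the destination that points outside it also resolves outside, the check rejects it as well, which is the conservative behaviour wanted for a file the tool will write.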