fsspec is vulnerable to Server-Side Template Injection (SSTI)
65
Medium Risk
ReferenceFileSystem renders templates, refs, and gen entries from a loaded reference set using an unsandboxed jinja2.Template engine. When an application opens a reference set that contains attacker-influenced {{ }} expressions, those expressions are evaluated with full Jinja access, allowing traversal to Python internals and arbitrary code execution. Generator (gen) entries are rendered through unsandboxed Jinja even under the default simple_templates behavior, so the unsafe path is reachable without enabling full templating. The fix renders these values with jinja2.sandbox.SandboxedEnvironment and skips Jinja generator processing when simple templates are used.
You are affected if you are using a version that falls within the vulnerable range and load reference sets from untrusted sources with ReferenceFileSystem.
fsspec is vulnerable to Server-Side Template Injection (SSTI) in versions 0.9.0 - 2026.4.0.
Upgrade the fsspec library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant