{"detect":{"cwe":"CWE-1336","exploit_examples":["/format/?template={user.flag}","/format/?template={user.__class__.__init__.__globals__}"],"notes":"Different sink class from Jinja2 SSTI: the attacker controls the format string handed to str.format(), not a Jinja2 template, so tools that only flag render_template_string / Jinja2 will miss this. Format-string field names permit only attribute (.attr) and item ([key]) access, never calls, so the realistic impact is sensitive-data disclosure (anything reachable from the bound object, e.g. secrets via __init__.__globals__ or config attributes) rather than direct code execution. Detection should key on str.format / str.format_map invoked on a user-derived string, and on '{' characters reaching that call unescaped.","owasp":"A03:2021 \u2014 Injection (SSTI)","scanner_should_fire":true,"sinks":["str.format(user=obj) with user-controlled format string"],"subtype":"python-str-format-attribute-walk","success_markers":["VULNLAB{ssti-str-format-attribute-walk}"],"tags":["python-format","attribute-walk","non-jinja2"]},"lab_url":"/format/","sink":"str.format(user=...)","slug":"format","source_url":"/source/format","summary":"User-controlled format template + str.format(user=obj). Attribute/item walks starting from the bound object reach anywhere in the process (globals, config, secrets); read-only, but a high-impact disclosure.","title":"str.format() SSTI (Python format string)","vulnerable":true}
