Product
The FileSystemLoader in python-liquid versions before 2.2.0 allows malicious template authors to read arbitrary files outside the search paths via the `{% include %}` and `{% render %}` tags by using absolute paths; this is resolved in version 2.2.0 by checking for absolute paths in the `resolve_path()` method.