Vendor
banks version 2.4.1 and earlier is vulnerable to Server-Side Template Injection (SSTI) due to the use of an unsandboxed Jinja2 environment, allowing attackers to achieve Remote Code Execution (RCE) by injecting malicious code through user-supplied prompt templates.