GHSA-5wr9-m6jw-xx44: Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse

March 24, 2026

TemplateContext caches type accessors by Type only, but those accessors are built using the current MemberFilter and MemberRenamer. When a TemplateContext is reused and the filter is tightened for a later render, Scriban still reuses the old accessor and continues exposing members that should now be hidden.

References

github.com/advisories/GHSA-5wr9-m6jw-xx44
github.com/scriban/scriban
github.com/scriban/scriban/security/advisories/GHSA-5wr9-m6jw-xx44

Code Behaviors & Features

Detect and mitigate GHSA-5wr9-m6jw-xx44 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →