
Heyitspiyush

#44907 of 53,633
5.6 Total CVSS
Vulnerabilities · 1
PT-2026-33382
5.6
2026-04-16
Unknown · Homeassistant-Cli · CVE-2026-40602
**Name of the Vulnerable Software and Affected Versions**

home-assistant-cli versions prior to 1.0.0

**Description**

The Home Assistant Command-line interface (hass-cli) used an unrestricted environment instead of a sandboxed one to handle Jinja2 templates. User-supplied input within these templates was rendered locally without restrictions, allowing access to Python internals and extending templating capabilities beyond intended usage. This can lead to arbitrary code execution on the local machine if a user is convinced to render malicious third-party templates using the `--local` flag. The issue only affects the local machine and requires user intervention.

**Recommendations**

Update to version 1.0.0. Evaluate Jinja2 templates manually or using a tool before rendering them with `hass-cli`.
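
The recommendation to evaluate third-party templates before rendering them can be partly automated. The following is an added example, not code from hass-cli or from this advisory: a standard-library triage scan that flags template expressions reaching for underscore-prefixed attributes or dynamic attribute lookup, the kind of access to Python internals described above. The rule set, function names and sample templates are assumptions constructed for illustration, and the scan is a heuristic that can over-report or miss cases.

```python
import re

# Default Jinja2 delimiters: {{ expression }} and {% statement %}.
TAG = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.DOTALL)

# Heuristic rules chosen for this example (not hass-cli's own checks).
RULES = [
    ("underscore-prefixed attribute", re.compile(r"\.\s*_\w*")),
    ("underscore-prefixed string key", re.compile(r"""\[\s*['"]_""")),
    ("attr filter (dynamic attribute lookup)", re.compile(r"\|\s*attr\b")),
]


def scan_template(source):
    """Return (line_number, rule_name, tag_text) for every flagged tag."""
    findings = []
    for match in TAG.finditer(source):
        body = match.group(1) if match.group(1) is not None else match.group(2)
        line = source.count("\n", 0, match.start()) + 1
        for name, pattern in RULES:
            if pattern.search(body):
                findings.append((line, name, match.group(0).strip()))
    return findings


def is_suspicious(source):
    """True when the template should be reviewed by hand before rendering."""
    return bool(scan_template(source))


# Constructed sample templates (not taken from any real report).
BENIGN = (
    "{{ states('sensor.outdoor_temp') | float | round(1) }}\n"
    "{% if is_state('light.kitchen', 'on') %}on{% endif %}"
)
SUSPECT = (
    "Temp: {{ states('sensor.outdoor_temp') }}\n"
    "{{ ''.__class__ }}\n"
    "{{ x | attr('y') }}"
)

if __name__ == "__main__":
    for line, rule, tag in scan_template(SUSPECT):
        print(f"line {line}: {rule}: {tag}")
```

A flagged template is a prompt for manual review, not proof of malice; an unflagged one is not proof of safety, which is why updating to 1.0.0 remains the primary recommendation.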