uber.com may RCE by Flask Jinja2 Template Injection

Program: uber Bug Type: SSTI Bounty: 10000 Date: 2016-03-25
SSTI RCE

Summary

The researcher found an SSTI vulnerability in rider.uber.com. The vulnerability exists in the 'change your account information' feature, which sends an email about the update. If the updated username was a template payload such as {{7*7}}, it was executed and showed up as 49 in the update email. The only limit an attacker would face is the length limit enforced on the username.
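The root cause described above is that the username ended up inside the template source rather than being passed to the template as data. The following Python/Jinja2 snippet is an added illustration, not code from the report or from Uber: it places a vulnerable rendering function beside the fixed one so the difference is visible on the {{7*7}} probe from the summary. The email wording, the 32-character length cap and the helper names are assumptions made for the example.

```python
from jinja2 import Environment, BaseLoader

# Constructed sample: wording assumed for the account-update email.
# The real template used by the affected site is not shown on the page.
EMAIL_TEMPLATE = "Hi {{ username }}, your account information was updated."

# autoescape=True HTML-escapes rendered variables; it does not, on its own,
# prevent template injection, which is why the source must stay constant.
env = Environment(loader=BaseLoader(), autoescape=True)


def render_vulnerable(username: str) -> str:
    """Vulnerable pattern: the untrusted username is concatenated into the
    template SOURCE before parsing, so Jinja2 treats {{7*7}} as an
    expression and evaluates it (the behaviour observed in the report)."""
    source = f"Hi {username}, your account information was updated."
    return env.from_string(source).render()


def render_fixed(username: str) -> str:
    """Fixed pattern: the template source is a constant and the username is
    supplied as render context DATA. Braces in the input are plain text."""
    return env.from_string(EMAIL_TEMPLATE).render(username=username)


# Assumed cap; the page only says a length limit is enforced, not its value.
MAX_USERNAME_LEN = 32


def validate_username(username: str) -> bool:
    """Defense in depth, not the fix: a length cap plus rejection of the
    Jinja2 delimiters so an injection attempt is refused at input time."""
    if not username or len(username) > MAX_USERNAME_LEN:
        return False
    return not any(tok in username for tok in ("{{", "{%", "{#"))


if __name__ == "__main__":
    probe = "{{7*7}}"
    print("vulnerable:", render_vulnerable(probe))  # expression is evaluated
    print("fixed:     ", render_fixed(probe))       # braces survive literally
    print("accepted:  ", validate_username(probe))
```

The point to take from the two functions is that the fix is structural: the template text must never be built from user-controlled strings, regardless of how the input is filtered. The validator only narrows the attack surface and would not have been sufficient on its own.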

References