Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly marklookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result ing in code execution. By default, the jinja2 templating language is now marked as "unsafe" and is not evaluated.