The vulnerability stems from two key issues: (1) SandboxedEnvironment.call() failed to detect and properly handle str.format calls, allowing attackers to bypass sandbox restrictions via Python's string formatting mechanics. The commit adds format_string() and inspect_format_method() to intercept these calls. (2) Call.as_const() did not account for sandboxed environments when evaluating expressions, permitting unsafe constant evaluation. The patch adds 'environment.sandboxed' to the volatility check. The test cases explicitly validate that {0.class} format attempts are neutralized, confirming these functions were the attack vectors.