Twig has a possible sandbox bypass
Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. The security issue happens when all these conditions are met: The sandbox is disabled globally; The sandbox is enabled via a sandboxed include() function which references a template name (like included.twig) and not a Template or TemplateWrapper instance; The included template has been loaded before the include() call but in a …