Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
If untrusted user input is used to dynamically create a PebbleTemplate with the method PebbleEngine#getLiteralTemplate, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of PebbleTemplate#evaluate. This is done via the include macro.