twig/twig is a flexible, fast, and secure template language for PHP.
Affected versions of this package are vulnerable to Access Restriction Bypass. The
Template.php, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the
_self variable in a template.
twig/twig to version 1.20.0 or higher.