GHSA-FCR8-6Q7R-M4WG Bypass of fix for CVE-2020-26231, Twig sandbox escape
Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...