CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag

Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...