Design/Logic Flaw
JWIG might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries...