Pimcore · Pimcore · CVE-2022-39365
**Name of the Vulnerable Software and Affected Versions**
Pimcore versions prior to 10.5.9
**Description**
The user-controlled twig templates rendering in `Pimcore/Mail` and `ClassDefinitionLayoutText` is vulnerable to server-side template injection, which could lead to remote code execution.
**Recommendations**
For versions prior to 10.5.9, update to version 10.5.9 to resolve the issue.
As a temporary workaround for versions prior to 10.5.9, apply the patch manually.