Verbb · Formie · CVE-2026-45697
**Name of the Vulnerable Software and Affected Versions**
Formie versions prior to 2.2.20
Formie versions prior to 3.1.24
**Description**
Unauthenticated users can submit crafted values into Hidden fields configured with a Custom default value. These values are evaluated as Twig during submission handling, which may lead to a serious compromise of the Craft site depending on the template or sandbox behavior.
**Recommendations**
Update to version 2.2.20.
Update to version 3.1.24.
As a temporary workaround, remove Hidden fields from public forms, or change the default value of each Hidden field to something other than Custom.
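
To check whether a site is running one of the affected versions listed above, the following added example (not Verbb's own code) reads a Composer lockfile and compares the installed Formie version against the fixed releases. The package name `verbb/formie`, the function names and the sample lockfile are assumptions made for this example.

```python
import json
import re

# Fixed releases as listed in the advisory above.
FIXED_2X = (2, 2, 20)
FIXED_3X = (3, 1, 24)
PACKAGE = "verbb/formie"  # assumption: Composer package name, not stated in the advisory

def parse_version(text):
    """Parse '3.1.9', 'v2.2.20' or '3.1.24-beta.1' into ((major, minor, patch), is_prerelease)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3)), m.group(4).startswith("-")

def is_affected(version_text):
    """True when the version is prior to the fixed release of its branch."""
    release, prerelease = parse_version(version_text)
    if release[0] > 3:
        return False  # the advisory lists nothing above the 3.x branch
    fixed = FIXED_3X if release[0] == 3 else FIXED_2X
    # By semver ordering, a pre-release of the fixed version still sorts before it.
    return release < fixed or (release == fixed and prerelease)

def audit_lockfile(lock_text):
    """Return (installed_version, affected) for Formie, or None if it is not installed.

    affected is None when the version cannot be compared (e.g. a dev branch alias).
    """
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name", "").lower() == PACKAGE:
            try:
                return pkg["version"], is_affected(pkg["version"])
            except ValueError:
                return pkg["version"], None
    return None

# Constructed sample lockfile content, not taken from a real site.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-plugin", "version": "1.0.0"},
        {"name": "verbb/formie", "version": "v3.1.23"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lockfile(SAMPLE_LOCK))
```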