The Events, Conditions, Actions (ECA) module's Render submodule enables you to build render arrays and render inline Twig templates as part of no-code ECA models.
The module doesn't sufficiently sanitize template code when rendering, which can lead to information disclosure.
This vulnerability is mitigated by the fact that a site must be running an ECA model that uses the "Render: Twig" action on a data flow.