MDVA-43395_EE_2.4.3-p1 see https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12-

readme.md

Based on https://www.integer-net.com/applying-the-magento-security-patch-via-composer/

Option 1. in source control:

composer require cweagans/composer-patches

Add patches like stated below. Run composer install, commit and deploy.

Or hotfix on production:

wget https://gist.githubusercontent.com/barryvdh/822eea3150dbaf3c68ca80a63a3474b6/raw/46bf0b2fa8d1f3a210c333e05298f569c81171ac/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch
git apply MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch

Flush opcache and Magento cache.

Note: Use at you own risk. Follow to official instructions when not clear and use your own gist/file locations.

composer.json

    "extra": {
        [...]
        "composer-exit-on-patch-failure": true,
        "patches": {
            "magento/framework": {
                "MDVA-43395": "https://gist.githubusercontent.com/barryvdh/822eea3150dbaf3c68ca80a63a3474b6/raw/00e7313b8125fed8e3d9e1385646fa4d9880cd8b/MDVA-43395_magento-framework.patch"
            },
            "magento/module-email": {
                "MDVA-43395": "https://gist.githubusercontent.com/barryvdh/822eea3150dbaf3c68ca80a63a3474b6/raw/00e7313b8125fed8e3d9e1385646fa4d9880cd8b/MDVA-43395_magento-module-email.patch"
            }
        }
    },

MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch

diff --git a/vendor/magento/module-email/Model/Template/Filter.php b/vendor/magento/module-email/Model/Template/Filter.php
index 1a7c3683820a..586cb485ee1f 100644
--- a/vendor/magento/module-email/Model/Template/Filter.php
+++ b/vendor/magento/module-email/Model/Template/Filter.php
@@ -618,6 +618,12 @@ public function transDirective($construction)
         }
 
         $text = __($text, $params)->render();
+
+        $pattern = '/{{.*?}}/';
+        do {
+            $text = preg_replace($pattern, '', (string)$text);
+        } while (preg_match($pattern, $text));
+
         return $this->applyModifiers($text, $modifiers);
     }
 
diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
index f2fe398c3848..78034d70ba51 100644
--- a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
+++ b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
@@ -55,6 +55,11 @@ public function process(array $construction, Template $filter, array $templateVa
             $result = $this->filterApplier->applyFromRawParam($construction['filters'], $result);
         }
 
+        $pattern = '/{{.*?}}/';
+        do {
+            $result = preg_replace($pattern, '', (string)$result);
+        } while (preg_match($pattern, $result));
+
         return $result;
     }
 

MDVA-43395_magento-framework.patch

diff --git a/Filter/DirectiveProcessor/VarDirective.php b/Filter/DirectiveProcessor/VarDirective.php
index f2fe398c3848..78034d70ba51 100644
--- a/Filter/DirectiveProcessor/VarDirective.php
+++ b/Filter/DirectiveProcessor/VarDirective.php
@@ -55,6 +55,11 @@ public function process(array $construction, Template $filter, array $templateVa
             $result = $this->filterApplier->applyFromRawParam($construction['filters'], $result);
         }
 
+        $pattern = '/{{.*?}}/';
+        do {
+            $result = preg_replace($pattern, '', (string)$result);
+        } while (preg_match($pattern, $result));
+
         return $result;
     }
 

MDVA-43395_magento-module-email.patch

diff --git a/Model/Template/Filter.php b/Model/Template/Filter.php
index 1a7c3683820a..586cb485ee1f 100644
--- a/Model/Template/Filter.php
+++ b/Model/Template/Filter.php
@@ -618,6 +618,12 @@ public function transDirective($construction)
         }
 
         $text = __($text, $params)->render();
+
+        $pattern = '/{{.*?}}/';
+        do {
+            $text = preg_replace($pattern, '', (string)$text);
+        } while (preg_match($pattern, $text));
+
         return $this->applyModifiers($text, $modifiers);
     }