Gantry package containing "Twig" library creates folders with improper folder permissions. On some servers this may lead to world writeable folders.
see https://github.com/gantry/gantry5/issues/2363 https://github.com/twigphp/Twig/issues/2353
developer states not a security issue within their coding.
reference topics
https://forum.joomla.org/viewtopic.php?f=714&t=965475 https://github.com/gantry/gantry5/issues/2363