Fix for authenticated remote code execution through layout update

High

mark-netalico published GHSA-5j2g-3ph4-rgvm

Jan 26, 2023

Package

No package listed

Affected versions

<= 19.4.21, <= 20.0.18

Patched versions

None

Description

Impact

A layout block was able to bypass the block blacklist to execute remote code.