EventStoreDB has published a security release on February 21, 2024. The official security release for EventStoreDB OSS & Commercial editions addresses this vulnerability: CVE-2024-26133.
The fix is available in versions 23.10.1, 22.10.5, 21.10.11, and 20.10.6
We strongly recommend that all customers upgrade to one of these versions and follow the recommended actions in the release notes.