Drupal Releases Security Updates
image2 plugin (which Drupal 8 core also uses).
We would like to thank the CKEditor team for patching the vulnerability and coordinating the fix and release process, and matching the Drupal core security window.
Impact: An attacker could exploit this vulnerability to take control of an affected system.
Mitigation: Apply an update. Please see the references or vendor advisory for more information.