This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.
But the commit to fix insufficient origin validation is already visible right there in the repo?