Security advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj