We have been informed of a vulnerability in the 3rd-party JBImages tool that is included in some releases of PKP software.
This does not affect OJS, OMP, or OPS 3.2.0 and newer. If you are running those releases, no changes are necessary.
See Remove JBImages plugin · Issue #5871 · pkp/pkp-lib · GitHub for complete details, including ways to resolve the problem. While we are not aware of active abuse of the vulnerability, resolving it should be considered a high priority.
Public Knowledge Project Team