Drupal Releases Security Updates CISA
https://www.us-cert.gov/ncas/current-activity/2020/06/18/drupal-releases-security-updates

>Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
>
>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisories SA-CORE-2020-004 and SA-CORE-2020-005 for more information and to apply the necessary updates.

https://www.drupal.org/sa-core-2020-004
https://www.drupal.org/sa-core-2020-005