Hi Jon,
As I hope you can appreciate, we aren't sharing details about the exact nature of the vulnerability or potential method of exploit at this point; we want to provide our clients and users of the Community Edition ample opportunity to upgrade their servers first. I can share that the vulnerability was discovered by an expert, responsible security firm that we have engaged. We are not aware of any real-world exploits of this vulnerability. However, we strongly recommend that every LabKey Server deployment be upgraded to 20.3.0 or 19.3.7 immediately.
Thanks,
Adam