If you run a publicly available website/service, keep an eye on https://www.cve.org/CVERecord?id=CVE-2023-44487.
It'll be announced at midday UTC today (10th Oct 2023).
If there isn't an update you can deploy quickly for your affected services immediately (there should be for the better known software, they've had advance notice) then you should consider disabling the affected element until there is.
Can't share more right now but it's important so don't forget (& tell your friends!).