The security fix has been published.
Commit added to:
master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@4c0623b · GitHubopen-release/redwood.master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@2d72df0 · GitHubopen-release/quince.master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@3ff69fd · GitHub