Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution

The Contextual Links module doesn’t sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access contextual links”.