CVE-2020-7747

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.