This extension is another way to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento.
An attacker who exploits this security hole may read secret files on the server (e.g., the encryption key in env.php).
With those secrets, the attacker can perform unauthorized actions (e.g., by creating an admin JSON Web Token, or JWT).
Magento 2.4
Note: it has a dependency, so you need Composer.
composer require wubinworks/module-cosmic-sting-patch