In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creationReferenceshttps://advisories.octopus.com/post/2023/sa2023-05/
