A Public Service Announcement was released on July 30th, 2018, announcing a moderately critical security update to Drupal Core. This update is not part of the normal Drupal Core security releases but was deemed important enough to release the update. A link to the public service announcement can be found here: https://www.drupal.org/psa-2018-07-30
More information on the actual vulnerability was released along with the security updated on August 1, 2018. Based on the feedback and messaging around the issue on other forums such as Acquia.com, it is highly recommended that anyone on Drupal 8.5 install this important update. For organizations not running on the latest version of Drupal 8, it is recommended that you manually upgrade the impacted libraries as soon as possible.
For more information on the Drupal Security Advisories, the Drupal Security Team and Drupal Security Rating Process, check out our previous post here: https://bluetext.com/drupal-8-critical-security-release-march-28th-2018/