[HIGH] Form API ignores access restrictions on submit buttons

PKSA-ckgy-hnh7-rnvz CVE-2016-3165 GHSA-4gh5-3hqj-x3pj

Affected package: drupal/drupal

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub