I was made aware of a security issue with OctoPrint 1.2.0 and 1.2.1 a couple of hours ago. I just fixed that and pushed a new release 1.2.2. The changelog is here: https://github.com/foosel/OctoPrint/releases/tag/1.2.2

The issue is only exploitable when having access to the instance and then only for users that have administrator rights. So if you followed the initial setup procedure by enabling access control, set up an administrator account and kept that secret, you should not be at risk. I nevertheless advise you update your installation.

Let me also take this opportunity to remind you that you should never make your OctoPrint instance available over the internet without securing it at the very least with the included access control.