More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2346987 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
In my opinion, the fix for this CVE can’t be backported as a patch with high confidence and a reasonable amount of effort. The fix https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 is not especially self-contained, and the code to which it applies has changed quite a bit since the version 20200923.3 that is packaged in EPEL8. Updating to a newer release would be an ABI-breaking update requiring https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/#process_for_incompatible_upgrades and could be disruptive to the packages that depend on abseil-cpp in EPEL8: bloaty and libarrow. It might be possible to do something about this if someone is determined enough, but I won’t be that person.