https://www.bleepingcomputer.com/news/security/magento-234-fixes-critical-code-execution-vulnerabilities/

Magento today updated its e-commerce software for all supported platforms with fixes for multiple vulnerabilities. Some of them have critical severity and hackers could exploit them to run arbitrary code.

The security bugs affect Magento Commerce (2.3.3/2.2.10 and below), Open Source (2.3.3/2.2.10 and below), Enterprise Edition (1.14.4.3 and earlier), and Community Edition (1.9.4.3 and earlier). New releases are now available for each of them.