Magento 2.1 Insufficient Information Vulnerability
An authenticated user can manipulate the design layout update feature.
The information has been provided by Blaklis
The original article can be found at:https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
Magento 2.1 prior to 2.1.19
Magento 2.2 prior to 2.2.10
Magento 2.3 prior to 2.3.3.