CVE-2019-8093
Magento 2.2.x before 2.2.10 and 2.3.x before 2.3.3 (or 2.3.2-p1) contain an arbitrary file access vulnerability. An authenticated user can abuse the file upload controller for downloadable products to read or delete arbitrary files. Remediation: apply the Magento security patches 2.2.10 and 2.3.3...