magento/community-edition is vulnerable to arbitrary file upload. The vulnerability exists as a file upload filter bypass exists that allows users with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server.