[MEDIUM] Composer JavaScript injection possible via html comments

PKSA-s6vd-ty4r-kfmx CVE-2019-8233 GHSA-fm68-89m8-4gjj

Affected package: magento/community-edition

Affected version: >=2.3,<2.3.3|>=2.2,<2.2.10

Reported by:
GitHub