Does CVE-2019-8144 Page Builder RCE apply to M2.2.x?

Does the Magento CVE-2019-8144 that was recently announced actually apply to M2.2.x since Page Builder wasn’t launched until M2.3.1?


Or, is M2.2.x vulnerable to the Page Builder RCE anyways because the vulnerable code is present?


I believe there could be a special effort to install Page Builder before 2.3.1, but that’s a special case. I’m referring to the default use case.