Following this article:
versions of Magento prior to 2.1.19 are affected by the security holes. But there is no such version as 2.1.19 provided by composer. The article also states that The Magento 2.2.10 software release marks the final supported software release for Magento version 2.1.x.
Does that mean that 2.2.10 is the least version that fixes the vulnerability issues for versions prior to 2.1.19?