The vulnerability occurs in configurations where foreign content is allowed, i.e. either
math are in the list of allowed elements.
Specifically, the requirements for the vulnerability are:
Configurations that meet the above requirements plus the following are vulnerable to an additional vulnerability:
Note that in the default configuration the vulnerability is not present.
The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).
Disallow foreign elements
math. This is the case in the default configuration, which is therefore not affected by the vulnerability.