PHP.net recently announced a security vulnerability for PHP FPM, CVE-2019-11043:
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
The Acquia Security Team has reviewed the details of this vulnerability internally and can confirm that applications on the Acquia Cloud platform are not impacted. This vulnerability exists only in specific Nginx configuration conditions, which are not implemented by Acquia.
Please contact Acquia Support if you have any additional questions and we’ll be happy to assist further.