All versions of Drupal have critical security vulnerabilities that lets anyone take complete control over a website.
The issue was resolved in the following versions of Drupal released 25 april 2018:
Additionally, as a one-time exception, 8.4 has been updated with version 8.4.8. Drupal recommends that 8.x users upgrade to 8.5.3, as only 8.5.x has security support.
Source: Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 (CVE-2018-7602)