In advisory I believe vulnerable versions should be updated.
[,2.4.2]
Reason:
According to Patch, I have confirmed that the vulnerability may also be triggered before version 2.4.2.
2.4.2