Yes, as is OneDrive and Teams file sharing. Those, however, are part of SharePoint Online. SPO is distinct from this CVE, which only applies to the standalone SharePoint Server.
What I was kind of implying is that if the codebase is not that different maybe there has been a complete breach of office365 and Microsoft has stayed quiet about that.
