A vulnerability was found in perl-XML-Twig. External entity expansion (XXE) took place regardless of the setting ‘expand_external_ents’, which was supposed to disable this functionality if set to 0 (the default) or -1. An attacker could craft an XML message which, when processed by an application using perl-XML-Twig, could cause denial of service or, potentially, information disclosure.