An XML External Entity (XXE) Injection vulnerability was found in Commons Jelly library. If a custom doctype
entity is declared with a SYSTEM
entity with a URL and that entity is used in the body of the Jelly file, the parser will attempt to connect to provided URL.