Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
It was found that Teiid SQL/XML permitted XML eXternal Entity XXE attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user...