jbpm-designer: XXE in BPMN2 import
An XML External Entity XXE flaw was found in the jbpm-designer BPMN2 import function. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...