CVE-2019-8126
CVE-2019-8126 describes an XML entity injection vulnerability in Magento: versions 2.2 before 2.2.10 and 2.3 before 2.3.3 (or 2.3.2-p1) allow an authenticated admin to craft a document type definition for an XML layout, enabling processing of external entities and potential information disclosure...