XML External Entity (XXE) Injection
org.hl7.fhir.utilities is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the saxonTransform... methods instantiating an unprotected TransformerFactory without restricting external DTDs and stylesheets, which allows an attacker to supply a malicious XML document that...