XML External Entity (XXE)
TinkerPop is vulnerable to XML external entity attacks. The gremlin-core package does not disable the XML input stream, potentially allowing attackers to submit malicious XML to the XML parser and gain access to sensitive information...
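The general mitigation for this class of issue, shown as an added example that is not TinkerPop's code or its actual fix. It assumes the affected parser is a StAX `XMLInputFactory`; the class name, helper names, sample document and placeholder path are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedStaxExample {
    // Constructed sample input: a GraphML-style document whose DOCTYPE declares
    // an external entity. The path is a placeholder, not a real file.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE graphml [ <!ENTITY ext SYSTEM \"file:///placeholder/does-not-exist\"> ]>\n"
      + "<graphml><node id=\"1\"><data key=\"name\">&ext;</data></node></graphml>";

    // Hypothetical helper: a factory with DTD processing and external entities off.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Collects all character data; an expanded entity would appear in this text.
    static String readText(XMLInputFactory factory, String xml) throws XMLStreamException {
        StringBuilder text = new StringBuilder();
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(r.getText());
                }
            }
        } finally {
            r.close();
        }
        return text.toString();
    }

    public static void main(String[] args) {
        try {
            String text = readText(hardenedFactory(), SAMPLE);
            System.out.println("parsed, text=[" + text + "]");
        } catch (XMLStreamException e) {
            // Rejecting the document is a safe outcome for untrusted input.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Whether a hardened factory rejects the document or parses it with the entity left unexpanded depends on the StAX implementation on the classpath, so the example handles both outcomes.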