RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...