CVE-2021-41042
Eclipse Lyo versions 1.0.0–4.1.0 are affected by CVE-2021-41042 due to a TransformerFactory initialized with defaults that do not restrict DTD loading for RDF/XML. This enables an attacker to cause an external DTD to be retrieved, leading to potential information exposure (external entity referen...