silverstripe/framework is vulnerable to XML external entity (XXE) attacks. Loading of external entities and DTDs is not disabled, which allows an attacker to perform server-side request forgery (SSRF) attacks or retrieve confidential system files via a malicious XML document.
forum.silverstripe.org/c/releases
github.com/silverstripe/silverstripe-framework/commit/7f97734a20521545aa7452a2cba791a907238a60
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2020-25817
www.silverstripe.org/download/security-releases/cve-2021-25817/