cvrf2csaf is vulnerable to XML External Entity (XXE) attacks. The vulnerability exists due to improper input validation in the _validate_input_against_schema
function in the _validate_input_against_schema
file This allows to view arbitrary file content