com.twelvemonkeys.imageio, imageio-metadata is vulnerable to XML external entity injection attacks. The vulnerability exist in parseDirectories
function in XMPReader.java
due to lack of validation in XML parser which allows attackers to submit malicious XML and gain access to sensitive information.