ignite-core is vulnerable external XML entity (XXE) attacks. The update notifier component sends sensitive system data over an unsecured HTTP connection. Since TLS is not used man-in-the-middle (MitM) attacks also possible. Attackers can alter the response coming from the server the information is sent to. This response is then parsed as XML leading to an XXE attack.