javamelody-core is vulnerable to XML external entity attacks. This is due to enabled support for external entities and DTD in parseSoapMethodName
function in bull/javamelody/PayloadNameRequestWrapper.java
which allows for a remote attacker to perform such attacks.