DiffPlug Spotless is vulnerable to XML external entity (XXE) injection. The XML formatter sets resolveExternalURI
to true by default and loads external DTDs.
CPE

Name | Operator | Version
---|---|---
spotless-plugin-gradle | le | 3.19.0
spotless-maven-plugin | le | 1.19.0