service-api is vulnerable to XML External Entity (XXE). The vulnerability exists due to an insecure configuration in the XML parser. An attacker is able to import a malicious crafted file which imports external Document Type Definition (DTD) files which will extract secrets from the system.