detekt-core is vulnerable to XML external entity attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation, which allows an attacker to submit a malicious XML document.
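
A hardened SAX parser setup for reading a baseline-style XML file, shown as an added Kotlin example; it is not detekt's code and not the fix from the linked commit. The element names, the IdCollector handler and both sample documents are constructed for illustration.

```kotlin
import java.io.StringReader
import javax.xml.XMLConstants
import javax.xml.parsers.SAXParserFactory
import org.xml.sax.Attributes
import org.xml.sax.InputSource
import org.xml.sax.SAXException
import org.xml.sax.helpers.DefaultHandler

// Hypothetical handler: collects the text content of every <ID> element.
class IdCollector : DefaultHandler() {
    val ids = mutableListOf<String>()
    private var text: StringBuilder? = null
    override fun startElement(uri: String, localName: String, qName: String, attributes: Attributes) {
        if (qName == "ID") text = StringBuilder()
    }
    override fun characters(ch: CharArray, start: Int, length: Int) {
        text?.append(ch, start, length)
    }
    override fun endElement(uri: String, localName: String, qName: String) {
        if (qName == "ID") { text?.let { ids.add(it.toString().trim()) }; text = null }
    }
}

// Factory that refuses DOCTYPE declarations, so no entity can be declared at all,
// and disables external entities as a second layer.
fun hardenedFactory(): SAXParserFactory = SAXParserFactory.newInstance().apply {
    setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
    setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
    setFeature("http://xml.org/sax/features/external-general-entities", false)
    setFeature("http://xml.org/sax/features/external-parameter-entities", false)
}

fun readIds(xml: String, factory: SAXParserFactory): List<String> {
    val handler = IdCollector()
    factory.newSAXParser().parse(InputSource(StringReader(xml)), handler)
    return handler.ids
}

fun main() {
    // Constructed samples; the DOCTYPE declares only a harmless internal entity.
    val plain = "<SmellBaseline><CurrentIssues><ID>LongMethod:Foo.kt</ID></CurrentIssues></SmellBaseline>"
    val withDoctype = """<!DOCTYPE SmellBaseline [<!ENTITY e "expanded">]>
<SmellBaseline><CurrentIssues><ID>&e;</ID></CurrentIssues></SmellBaseline>"""
    println(readIds(plain, hardenedFactory()))
    // A default factory accepts the DOCTYPE and resolves the declared entity.
    println(readIds(withDoctype, SAXParserFactory.newInstance()))
    // The hardened factory fails the parse as soon as it meets the DOCTYPE.
    try { readIds(withDoctype, hardenedFactory()) } catch (e: SAXException) { println("rejected: ${e.message}") }
}
```
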
github.com/advisories/GHSA-2cfc-865j-gm4w
github.com/detekt/detekt/commit/c965a8d2a6bbdb9bcfc6acfa7bbffd3da81f5395
github.com/detekt/detekt/pull/4499
huntr.dev/bounties/23e37ba7-96d5-4037-a90a-8c8f4a70ce44