org.eclipse.lyo.oslc4j.core:oslc4j-jena-provider is vulnerable to XML external entity attack. Default initialization of createTransformer
does not restrict DTD document loading when working with RDF/XML formats, which allows remote attackers to retrieve external DTD documents.