Improper Restriction of XML External Entity Reference
XMLBundle is vulnerable to XXE attacks which can result in denial of service attacks.
Advisories for Composer/Desperado/Xml-Bundle package
2018
XMLBundle is vulnerable to XXE attacks which can result in denial of service attacks.