Improper Restriction of XML External Entity Reference
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
Advisories for Maven/Com.puppycrawl.tools/Checkstyle package
2020
2019
Improper Restriction of XML External Entity Reference
Checkstyle before 8.18 loads external DTDs by default.