Advisories for Maven/Com.squareup.retrofit2/Retrofit package

Square Retrofit contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL, an attacker could add or delete resources.

Square Open Source Retrofit contains an XML External Entity (XXE) vulnerability in JAXB. An attacker could use this to remotely read files from the file system or to perform SSRF.