Description
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
Affected products
- Apache Software Foundation / Apache SyncopeApache Syncope releases prior to 2.0.11 and 2.1.2 – Apache Syncope releases prior to 2.0.11 and 2.1.2