The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.
On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.
XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.
