yworks yEd Graph Editor – XML External Entity injection
Update to yworks yEd Graph Editor version 3.20.1
The yEd Graph Editor application has XML External Entities enabled. It is possible to conduct XML External Entities injection attack and potentially exfiltrate files on the victim workstation via malicious XML file such as GraphML document.
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.