Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
Published October 7, 2021.
Pingidentity Pingfederate