CVE-2018-17186

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt