Dragonfly · Dragonfly · CVE-2022-41967
**Name of the Vulnerable Software and Affected Versions**
Dragonfly version 0.3.0-SNAPSHOT
**Description**
Dragonfly is a Java runtime dependency management library that does not configure `DocumentBuilderFactory` to prevent XML external entity (XXE) attacks. The library only parses XML when resolving `SNAPSHOT` versions, so the issue can be avoided by not resolving `SNAPSHOT` versions.
**Recommendations**
For Dragonfly version 0.3.0-SNAPSHOT, update to version 0.3.1-SNAPSHOT to resolve the issue. As a temporary workaround, consider avoiding the resolution of `SNAPSHOT` versions to minimize the risk of exploitation.