Jwilson

**Name of the Vulnerable Software and Affected Versions** Square Open Source Retrofit versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 **Description** The issue is related to a XML External Entity (XXE) vulnerability in JAXB, which can be exploited by an attacker to remotely read files from the file system or to perform Server-Side Request Forgery (SSRF). **Recommendations** For Square Open Source Retrofit versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437, update to a version that includes the fix committed in 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 to resolve the issue. As a temporary workaround, consider restricting the use of JAXB to minimize the risk of exploitation.