Notwo1F

**Name of the Vulnerable Software and Affected Versions** FlowDroid versions prior to 2.9.0 **Description** The issue allows an attacker who has control over the source/sink definition file in XML format to read files from external locations. This occurs when the XML-based format for sources and sinks is used and the attacker has control over the source/sink definition file. The vulnerability is related to an XML external entity (XXE) issue. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 to resolve the issue. As a temporary workaround, do not allow untrusted entities to control the source/sink definition file.