Name of the Vulnerable Software and Affected Versions: pmml-model versions prior to 1.4.3

Description: A remote attacker can exploit an XML eXternal Entity (XXE) Injection by sending a request to submit malicious External Entity references within the embedded XML metadata to the target system.

Recommendations: For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML metadata submission endpoint to minimize the risk of exploitation.