Arbitrary file upload and XML External Entity processing

PKSA-5wgs-7sf8-8pnf

Affected package: typo3/flow

Affected version: >=2.3.0,<2.3.7|>=3.0.0,<3.0.1

Reported by:
FriendsOfPHP/security-advisories