Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability. Continue reading...