cxf-core is vulnerable to server-side request forgery. The vulnerability exists due to the lack of URL encode in MTOM content-id, which allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type through the href attribute of `XOP:Include`.Read More