deegree3
There should not be insecure usage of XSL processors in deegree3.
In the latest version of deegree3, the file org.deegree.commons.xml.XsltUtils.java contains XSLT functionality, but no security parameters were added. This is highly risky, as XSLT vulnerabilities could lead to RCE, file reading, and other vulnerabilities. It is advisable to add security parameters, such as factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true).