[org.jenkins-ci.plugins:mercurial] Improper Restriction of XML External Entity Reference in Jenkins Mercurial Plugin

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-2305
• https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115
• https://github.com/advisories/GHSA-x58r-wxc3-7pqr