Description of problem: CVE-2020-24379 - XXE injecton; CVE-2020-24916 - OS command injection. Version-Release number of selected component (if applicable): up to 2.0.8