[MEDIUM] Arbitrary file upload and XML External Entity processing

PKSA-5wgs-7sf8-8pnf GHSA-r6mm-wmhf-849m

Affected package: typo3/flow

Affected version: >=2.3.0,<2.3.7|>=3.0.0,<3.0.1

Reported by:
GitHub, FriendsOfPHP/security-advisories