[MEDIUM] Arbitrary file upload and XML External Entity processing

PKSA-b6j6-98g6-jt8b GHSA-9cw3-j7wg-jwj8

Affected package: neos/flow

Affected version: >=2.3.0,<2.3.7|>=3.0.0,<3.0.1

Reported by:
GitHub, FriendsOfPHP/security-advisories