Update CVE

Author: tvdijen

security/202412-01.md

@@ -32,7 +32,10 @@ Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: http
 
 ### Background / details
 
-To be published on Dec 8th
+While there is the NONET option, an attacker can simply bypass if by using PHP filters:
+php://filter/convert.base64-encode/resource=http://URL OR FILE
+
+From there an attacker can induce network connections and steal the targeted file OOB (haven't fully tested this).
 
 ### Credit