Lack of sanitization of the billing address in PDF invoice
Team Summary
Official summary from Semrush
Adam identified a vulnerability that allowed HTML code injection into payment invoice PDFs. This vulnerability arose from insufficient content sanitization during the interaction between services, where content from the user service, considered trustworthy, was transferred to the invoice generation system without proper validation. It's important to note that the PDF generation backend operates in isolation from the payment infrastructure. As a result, it does not have the capability to access sensitive information. The subsequent internal review revealed no evidence of this vulnerability being exploited by unauthorized parties.
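The trust-boundary failure described in the summary, shown as an added example that is not Semrush's code: an invoice renderer that trusts fields from an upstream service, next to a form that encodes every field at its own boundary. The template, field names, length limit and sample address are all assumptions made for illustration.

```python
import html
from string import Template

# Hypothetical invoice template; the real template is not shown on the page.
INVOICE_TEMPLATE = Template(
    "<html><body><h1>Invoice $number</h1>"
    "<address>$name<br>$street<br>$city</address></body></html>"
)

ADDRESS_FIELDS = ("name", "street", "city")  # assumed field names
MAX_FIELD_LEN = 200                          # assumed length limit


def render_invoice_unsafe(number, address):
    """'Before' form: fields from the upstream service are trusted as-is."""
    return INVOICE_TEMPLATE.substitute(number=number, **address)


def render_invoice(number, address):
    """Hardened form: every field is encoded at the invoice-service boundary,
    regardless of how trustworthy the sending service is considered."""
    safe = {}
    for field in ADDRESS_FIELDS:
        value = str(address.get(field, ""))
        # Drop non-printable characters and bound the length first, so the
        # truncation can never cut an HTML entity in half.
        value = "".join(ch for ch in value if ch.isprintable())[:MAX_FIELD_LEN]
        safe[field] = html.escape(value, quote=True)
    return INVOICE_TEMPLATE.substitute(number=html.escape(str(number)), **safe)


# Constructed sample: a billing address whose street field carries markup.
SAMPLE_ADDRESS = {
    "name": "Example Ltd",
    "street": '<img src="https://example.invalid/x.png">',
    "city": "Springfield",
}

if __name__ == "__main__":
    print(render_invoice_unsafe("INV-0001", SAMPLE_ADDRESS))  # markup survives
    print(render_invoice("INV-0001", SAMPLE_ADDRESS))         # markup is inert text
```

Output encoding belongs in the service that builds the HTML, because that is the only place that knows the content is about to be interpreted as markup by the PDF renderer.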
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Server-Side Request Forgery (SSRF)