Hi Juan,
Thanks! There are no such files in SonarQube. I assume that you used a tool to scan for it, so the likely explanation is that it is reporting false-positives. Have you tried accessing the files in your browser?
Also, please note that we have a process in place to report vulnerabilities that should be followed: Responsible Vulnerability Disclosure