Closed QiAnXinCodeSafe closed 5 years ago
When parsing the xml string in the Cilent.java , there is no prohibition of parsing the xml external entity. The attacker may construct a malicious return data to perform the xml external entity injection attack.
When parsing the xml string in the Cilent.java , there is no prohibition of parsing the xml external entity. The attacker may construct a malicious return data to perform the xml external entity injection attack.![图片](https://user-images.githubusercontent.com/39950310/57669050-22794900-763c-11e9-9202-fd0cf7030f78.png)