Esri / geoportal-server-harvester

Metadata Harvester for Esri Geoportal Server
http://esri.github.io/geoportal-server/
Apache License 2.0
31 stars 24 forks

xxe #105

Closed QiAnXinCodeSafe closed 5 years ago

QiAnXinCodeSafe commented 5 years ago

When parsing the XML string in Client.java, there is no prohibition of parsing XML external entities. The attacker may construct malicious return data to perform an XML external entity injection attack.