Closed QiAnXinCodeSafe closed 4 years ago
When parsing the xml string (parameter data), the xml external entity is not disabled, and the attacker may control the data to perform the xml external entity injection attack.
Thank you for bringing this to our attention. We are investigating.
Thanks. This was resolved back in Version 3.5.1 - May 2019.
When parsing the xml string (parameter data), the xml external entity is not disabled, and the attacker may control the data to perform the xml external entity injection attack.