amzn / amazon-pay-sdk-java

Amazon Pay Java SDK
https://pay.amazon.com/documentation
Apache License 2.0

xxe #30

Closed QiAnXinCodeSafe closed 4 years ago

QiAnXinCodeSafe commented 5 years ago

When parsing the XML string (parameter data), XML external entities are not disabled, and an attacker may control the data to perform an XML external entity injection attack.


bjguillot commented 5 years ago

Thank you for bringing this to our attention. We are investigating.

bjguillot commented 4 years ago

Thanks. This was resolved back in Version 3.5.1 - May 2019.