Esri/geoportal-server-harvester

xxe

QiAnXinCodeSafe opened this issue · 0 comments

When parsing the XML string in Client.java, there is no prohibition of parsing XML external entities. The attacker may construct malicious return data to perform an XML external entity injection attack.