You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 21, 2024. It is now read-only.
The Domparser method in the InvokeDecoder.java uses the xml parser to parse the xml string without disabling the xml external entity, causing the attacker to construct a malicious xml string for the xce attack .
The same problem exists in SAXParser.java and XMLConfig.java
The Domparser method in the InvokeDecoder.java uses the xml parser to parse the xml string without disabling the xml external entity, causing the attacker to construct a malicious xml string for the xce attack .
The same problem exists in SAXParser.java and XMLConfig.java