You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Domparser method in the InvokeDecoder.java uses the xml parser to parse the xml string without disabling the xml external entity, causing the attacker to construct a malicious xml string for the xce attack .
The same problem exists in SAXParser.java and XMLConfig.java
The Domparser method in the InvokeDecoder.java uses the xml parser to parse the xml string without disabling the xml external entity, causing the attacker to construct a malicious xml string for the xce attack .

The same problem exists in SAXParser.java and XMLConfig.java