Description
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
Remediation
References
https://github.com/Wechat-Group/weixin-java-tools/issues/889
Related Vulnerabilities
CVE-2022-41255 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2021-23700 Vulnerability in npm package merge-deep2
CVE-2021-45456 Vulnerability in maven package org.apache.kylin:kylin-server-base
CVE-2023-4316 Vulnerability in npm package zod
CVE-2020-7744 Vulnerability in maven package com.mintegral.msdk:alphab