Description
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
Remediation
References
https://github.com/Wechat-Group/weixin-java-tools/issues/889
Related Vulnerabilities
CVE-2022-37223 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2021-44868 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2020-28503 Vulnerability in maven package org.webjars.npm:copy-props
CVE-2022-4742 Vulnerability in maven package org.webjars.npm:json-pointer
CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path