Description
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
Remediation
References
https://github.com/Wechat-Group/weixin-java-tools/issues/889