The vulnerability centers on improper XML parsing in WXPayUtil. XXE vulnerabilities typically occur in XML parsing functions that do not disable DTD processing and external entity resolution. The advisory specifically names WXPayUtil as the vulnerable component, and its 'xmlToMap' method follows a common XML deserialization pattern in Java SDKs. The absence of XML parser hardening in this function (such as enabling FEATURE_SECURE_PROCESSING or explicitly prohibiting DTDs) would allow XXE attacks through attacker-controlled merchant notification payloads.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.github.wxpay:wxpay-sdk | maven | <= 3 | |