Closed
Description
Hello, I am a member of the 360 Code Guard team. In our open source project code audit, we found that Pippo has XXE vulnerabilities. Details are as follows.
pippo/pippo-content-type-parent/pippo-jaxb/src/main/java/ro/pippo/jaxb/JaxbEngine.java

Because the XML parser does not disable DTD, XXE attacks can occur when content parameters are controlled by malicious attackers.
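One way to unmarshal untrusted XML through JAXB with DTDs disabled, as an added example that is not part of the original issue and not Pippo's own code. The class `SafeJaxbReader`, the method `fromString`, the `Note` type and the sample documents are hypothetical and constructed for illustration; it assumes the `javax.xml.bind` API is on the classpath (bundled with Java 8, a separate dependency on later JDKs).

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

// Hypothetical helper: JAXB unmarshalling behind a SAX reader that refuses DTDs.
public final class SafeJaxbReader {

    // Constructed sample type, used only by main() below.
    public static class Note { public String body; }

    // Any DOCTYPE is a fatal error; the entity features are defence in depth.
    static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return spf.newSAXParser().getXMLReader();
    }

    public static <T> T fromString(String content, Class<T> type) {
        try {
            // Hand JAXB a SAXSource so it parses with our reader, not its default one.
            SAXSource src = new SAXSource(hardenedReader(),
                    new InputSource(new StringReader(content)));
            return JAXBContext.newInstance(type).createUnmarshaller()
                    .unmarshal(src, type).getValue();
        } catch (JAXBException | ParserConfigurationException | SAXException e) {
            throw new IllegalArgumentException("Rejected or malformed XML", e);
        }
    }

    public static void main(String[] args) {
        System.out.println(fromString("<note><body>hi</body></note>", Note.class).body);
        // Constructed input: a DOCTYPE with a harmless internal entity is still refused.
        String withDtd = "<!DOCTYPE note [<!ENTITY e \"x\">]><note><body>&e;</body></note>";
        try {
            fromString(withDtd, Note.class);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getCause().getClass().getSimpleName());
        }
    }
}
```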