[Axis2]Security Vulnerability - Action Required: XXE vulnerability in the newest version of org.apache.axis2:axis2

The vulnerability is present in the class org.apache.axis2.wsdl.codegen.extension.JAXBRIExtension   of method getNamespaceAwareDocumentBuilder()  , which is responsible for getting a DocumentBuilder object that supports namespace resolution. The vulnerable call chain we discover is: engage(CodeGenConfiguration configuration)→loadAdditionalSchemas()→getNamespaceAwareDocumentBuilder().
Given that the XML schema files stored in the /org/apache/axis2/wsdl/codegen/schema/ which is compromised by a hacker, the victim conducts regular process which incorporates the execution of method engage(), resulting in an XML External Entity (XXE) Injection attack.