PT-2023-10823 · Unknown · Wechat Sdk
Hanqing-Sun · Published 2023-03-21 · Updated 2024-05-17 · CVE-2018-25082
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
zwczou WeChat SDK Python versions 0.3.0 through 0.5.4
Description
A critical issue affects the validate/to xml function, leading to an XML external entity reference. The attack may be initiated remotely.
Recommendations
To address this issue, upgrade to version 0.5.5. As a temporary workaround, consider disabling the validate/to xml function until the patch is applied. Restrict access to the affected component to minimize the risk of exploitation.
Fix
XXE
Affected Products
Wechat Sdk