CVE-2018-25082

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25082
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25082.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25082
Aliases
Published
2023-03-21T18:15:11Z
Modified
2025-01-08T10:19:49.108592Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability classified as critical was found in zwczou WeChat SDK Python 0.3.0. It affects the function validate/to_xml. The manipulation leads to an XML external entity (XXE) reference. The attack may be initiated remotely. Upgrading to version 0.5.5 addresses this issue, and upgrading the affected component is recommended. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. The associated identifier of this vulnerability is VDB-223403.

References

Affected packages

Git / github.com/zwczou/weixin-python

Affected ranges

Type
GIT
Repo
https://github.com/zwczou/weixin-python
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.3.0