Lucene search
Veracode Vulnerability DatabaseVERACODE:39896HistoryMar 22, 2023 - 1:19 a.m.
XML External Entity (XXE) Injection
2023-03-2201:19:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
xml external entity
xxe injection
parse function
to_xml function
malicious xml documents
server requests
0.002 Low
EPSS
Percentile
51.7%
weixin-python is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the parse function in msg.py and the to_xml function in pay.py because xml entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests on behalf of the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| weixin-python | le | 0.5.4 | |
| weixin-python | le | 0.5.4 |
Related
cve
cve
CVE-2018-25082
2023-03-21 18:15:11
prion
prion
Xxe
2023-03-21 18:15:00
github
github
weixin-python XML External Entity vulnerability
2023-03-21 18:30:19
osv
osv
weixin-python XML External Entity vulnerability
2023-03-21 18:30:19
CVE-2018-25082
2023-03-21 18:15:11
nvd
nvd
CVE-2018-25082
2023-03-21 18:15:11
cvelist
cvelist
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
2023-03-21 18:00:05