First published: Tue Mar 21 2023
A vulnerability classified as critical was found in zwczou WeChat SDK Python 0.3.0. It affects the function validate/to_xml, where manipulated input leads to an XML external entity (XXE) reference. The attack may be initiated remotely. Upgrading to version 0.5.5 addresses this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/weixin-python | <0.5.5 | 0.5.5 |
Wechat Sdk Python Project Wechat Sdk Python | <0.5.5 | |
The severity of CVE-2018-25082 is critical with a severity value of 9.8.
CVE-2018-25082 affects zwczou WeChat SDK Python 0.3.0 by allowing for XML external entity references.
Yes, CVE-2018-25082 can be initiated remotely.
Upgrading to version 0.5.5 of zwczou WeChat SDK Python or pip/weixin-python can address the vulnerability.
CVE-2018-25082 is associated with CWE-611.
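
For code that must accept XML from remote callers, the CWE-611 class of flaw can be closed at the parser by refusing any document that declares a DTD or an entity. The sketch below is an added example, not the SDK's code or its patch: it uses the standard-library expat parser, and `parse_flat_xml`, `UnsafeXML`, the flat `<xml>` message layout and both sample payloads are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample payloads (not taken from the advisory).
SAMPLE_OK = b"<xml><return_code><![CDATA[SUCCESS]]></return_code><total_fee>1</total_fee></xml>"
SAMPLE_DTD = (b'<?xml version="1.0"?><!DOCTYPE xml [<!ENTITY x SYSTEM '
              b'"file:///constructed-placeholder">]><xml><return_code>&x;</return_code></xml>')


class UnsafeXML(ValueError):
    """Raised when a payload is malformed or carries a DTD/entity declaration."""


def parse_flat_xml(payload: bytes) -> dict:
    """Parse a flat <xml><k>v</k>...</xml> body into a dict, refusing any DTD."""
    parser = xml.parsers.expat.ParserCreate()
    result, stack, text = {}, [], []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    def forbid_entity(*args):
        raise UnsafeXML("entity declarations are not accepted")

    def forbid_external_ref(context, base, sysid, pubid):
        raise UnsafeXML("external entity references are not accepted")

    def start(name, attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of the root element
            result[name] = "".join(text).strip()
        stack.pop()
        text.clear()

    parser.StartDoctypeDeclHandler = forbid_doctype      # fires before any entity is defined
    parser.EntityDeclHandler = forbid_entity             # defence in depth
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append            # CDATA sections arrive here too
    try:
        parser.Parse(payload, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return result
```

Rejecting the DOCTYPE outright is stricter than only disabling entity resolution; it suits message formats that never legitimately need a DTD.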