WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/148390/WeChat-Pay-SDK-XXE-Injection.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-07-08 08:29
Updated : 2018-09-10 07:51
NVD link : CVE-2018-13439
Mitre link : CVE-2018-13439
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
tencent
- wechat_pay