CVE-2018-13439

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.
References
Link Resource
https://packetstormsecurity.com/files/148390/WeChat-Pay-SDK-XXE-Injection.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:tencent:wechat_pay:-:*:*:*:*:*:*:*

Information

Published : 2018-07-08 08:29

Updated : 2018-09-10 07:51


NVD link : CVE-2018-13439

Mitre link : CVE-2018-13439


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

tencent

  • wechat_pay