GHSA-h755-h99p-9ffv

Source

https://github.com/advisories/GHSA-h755-h99p-9ffv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h755-h99p-9ffv/GHSA-h755-h99p-9ffv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h755-h99p-9ffv

Aliases

CVE-2019-5312

Published

2022-05-14T01:40:24Z

Modified

2024-02-16T08:04:07.633477Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

XML External Entity Reference in weixin-java-tools

Details

An issue was discovered in weixin-java-tools. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ],
    "github_reviewed_at": "2024-01-08T20:11:00Z",
    "nvd_published_at": "2019-01-04T16:29:00Z",
    "severity": "CRITICAL"
}

References

Affected packages

Maven / com.github.binarywang:weixin-java-common

Package

Name: com.github.binarywang:weixin-java-common; View open source insights on deps.dev
Purl: pkg:maven/com.github.binarywang/weixin-java-common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.2.B

Affected versions

1.*

1.3.4

1.3.5

1.3.5.1

1.3.5.2

1.3.5.3

1.3.5.4

1.3.5.5

1.3.5.6

1.3.5.7

1.3.5.8

1.3.5.9

1.3.5.10

1.3.5.11

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4.BETA

2.4.4-beta

2.4.5.BETA

2.4.6.BETA

2.4.7.BETA

2.4.8.BETA

2.4.9.BETA

2.5.0

2.5.1.BETA

2.5.2.BETA

2.5.3.BETA

2.5.4.BETA

2.5.5.BETA

2.5.6.BETA

2.5.7.BETA

2.6.0

2.6.1.BETA

2.6.2.BETA

2.6.3.BETA

2.6.4.BETA

2.6.5.BETA

2.7.0

2.7.1.BETA

2.7.2.BETA

2.7.3.BETA

2.7.4.BETA

2.7.5.BETA

2.7.6.BETA

2.7.7.BETA

2.7.7

2.7.8.BETA

2.7.8

2.7.9.BETA

2.8.0

2.8.1.BETA

2.8.2.BETA

2.8.3.BETA

2.8.4.BETA

2.8.5.BETA

2.8.6.BETA

2.8.7.BETA

2.8.8.BETA

2.8.9.BETA

2.9.0

2.9.1.BETA

2.9.2.BETA

2.9.3.BETA

2.9.4.BETA

2.9.5.BETA

2.9.6.BETA

2.9.7.BETA

2.9.8.BETA

2.9.9.BETA

3.*

3.0.0

3.0.1.BETA

3.0.2.BETA

3.0.3.BETA

3.0.4.BETA

3.0.5.BETA

3.0.6.BETA

3.0.7.BETA

3.0.8.BETA

3.0.9.BETA

3.1.0

3.1.1.BETA

3.1.2.BETA

3.1.3.BETA

3.1.4.BETA

3.1.5.BETA

3.1.6.BETA

3.1.7.BETA

3.1.8.B

3.1.9.B

3.2.0

3.2.1.B

3.2.2.B

3.2.3.B

3.2.4.B

3.2.5.B

3.2.6.B

3.2.7.B

3.2.8.B

3.2.9.B

3.2.10.B

3.3.0

3.3.1.B