CNNVD 关于微信支付官方SDK XXE漏洞情况的通报

PHA+PHN0cm9uZyBzdHlsZT0iY29sb3I6IHJnYigwLCAxNzYsIDgwKTsiPui/keaXpe+8jOWbveWutuS/oeaBr+WuieWFqOa8j+a0nuW6k++8iENOTlZE77yJ5pS25Yiw5YWz5LqO5b6u5L+h5pSv5LuYU0RLIFhYRe+8iFhNTCBFeHRlcm5hbCBFbnRpdHnvvInmvI/mtJ7vvIhDTk5WRC0yMDE4MDctMDgz77yJ5oOF5Ya155qE5oql6YCB44CC5oiQ5Yqf5Yip55So6K+l5ryP5rSe55qE5pS75Ye76ICF5Y+v5Lul6L+c56iL6K+75Y+W5pyN5Yqh5Zmo5paH5Lu277yM6I635Y+W5ZWG5oi35pyN5Yqh5Zmo5LiK55qE6ZqQ56eB5pWw5o2u77yM55Sa6Iez5Y+v5Lul5pSv5LuY5Lu75oSP6YeR6aKd6LSt5Lmw5ZWG5ZOB44CC5L2/55So5pyJ5ryP5rSe55qESmF2YeeJiOacrOW+ruS/oeaUr+S7mFNES+i/m+ihjOaUr+S7mOS6pOaYk+eahOWVhuWutue9keermeWPr+iDveWPl+atpOa8j+a0nuW9seWTjeOAguebruWJje+8jOW+ruS/oeWumOaWueW3sue7j+WPkeW4g+ihpeS4geS/ruWkjeivpea8j+a0nu+8jOW7uuiurueUqOaIt+WPiuaXtuehruiupOaYr+WQpuWPl+WIsOa8j+a0nuW9seWTje+8jOWwveW/q+mHh+WPluS/ruihpeaOquaWveOAgjwvc3Ryb25nPjwvcD48aDI+PHN0cm9uZz7kuIDjgIHmvI/mtJ7ku4vnu408L3N0cm9uZz48L2gyPjxwPuW+ruS/oeaUr+S7mOWumOaWuVNES+aYr+W+ruS/oeaUr+S7mOWumOaWueeahOi9r+S7tuW3peWFt+W8gOWPkeWMhe+8jOWcqOS9v+eUqOW+ruS/oeaUr+S7mOaXtu+8jOWVhuWutumcgOimgeWQkeW+ruS/oeaPkOS+m+S4gOS4qlVSTOeUqOadpeaOpeaUtuW8guatpeaUr+S7mOe7k+aenOeahOmAmuefpe+8jOivpeaOpeWPo+aOpeWPl1hNTOagvOW8j+eahOaVsOaNruOAglhNTOivreiogOagh+WHhuaUr+aMgeS6huS4juWklumDqOi/m+ihjOWunuS9k+aVsOaNruS6pOaNoueahOeJueaAp++8jOWmguaenOeoi+W6j+WcqOino+aekFhNTOaXtuayoeaciemZkOWItuaIluWFs+mXreivpeeJueaAp++8jOWQjOaXtuWklumDqOWPiOWPr+S7peS8oOWFpeacieaBtuaEj+S7o+eggeeahFhNTOaVsOaNruWwseS8muinpuWPkea8j+a0nuOAguW+ruS/oeaUr+S7mOWumOaWueaPkOS+m+eahFNES+eUseS6jue8lueggemBl+a8j++8jOacquWFs+mXreivpVhNTOeJueaAp+OAguWVhuWutuWcqOWFtuezu+e7n+S4reWmguaenOS9v+eUqOivpeeJiOacrFNES++8jOezu+e7n+S+v+S8muWPl+a8j+a0nuW9seWTjeOAgjwvcD48cD7lvq7kv6HlnKjmlK/ku5jov4fnqIvkuK3vvIzlhbZKYXZh54mI5pys55qEU0RL5rKh5pyJ5YWz6Zet6K+lWE1M54m55oCn77yM5a+86Ie05pS75Ye76ICF5Zyo6I635Y+W5LqG5o6l5pS26YCa55+l55qEVVJM5Zyw5Z2A55qE5YmN5o+Q5LiL77yM5Y+v5Lul6YCa6L+H5p6E6YCg5oG25oSP55qEWE1M5pWw5o2u5YyF5Y+R6YCB5Yiw6K+lVVJM5p2l56qD5Y+W5ZWG5a62572R56uZ5pyN5Yqh5Zmo5LiK55qE6ZqQ56eB5pWw5o2u44CCPC9wPjxoMj48c3Ryb25nPuS6jOOAgeWNseWus+W9seWTjTwvc3Ryb25nPjwvaDI+PHA+5oiQ5Yqf5Yip55So6K+l5ryP5rSe55qE5pS75Ye76ICF5Y+v5Lul6L+c56iL6K+75Y+W5pyN5Yqh5Zmo5paH5Lu277yM6I635Y+W5ZWG5oi35pyN5Yqh5Zmo5LiK55qE6ZqQ56eB5pWw5o2u77yM55Sa6Iez5Y+v5Lul5pSv5LuY5Lu75oSP6YeR6aKd6LSt5Lmw5ZWG5ZOB44CC5L2/55So5pyJ5ryP5rSe55qESmF2YeeJiOacrOW+ruS/oeaUr+S7mFNES+i/m+ihjOaUr+S7mOS6pOaYk+eahOWVhuWutue9keermeWPr+iDveWPl+atpOa8j+a0nuW9seWTjeOAgjwvcD48aDI+PHN0cm9uZz7kuInjgIHkv67lpI3lu7rorq48L3N0cm9uZz48L2gyPjxwPuebruWJje+8jOW+ruS/oeWumOaWueW3sue7j+WPkeW4g+ihpeS4geS/ruWkjeivpea8j+a0nu+8jOW7uuiurueUqOaIt+WPiuaXtuehruiupOaYr+WQpuWPl+WIsOa8j+a0nuW9seWTje+8jOWwveW/q+mHh+WPluS/ruihpeaOquaWve+8jOWFt+S9k+aOquaWveWmguS4i++8mjwvcD48cD4xLuWmguaenOWQjuWPsOezu+e7n+S9v+eUqOS6huWumOaWuVNES++8jOivt+abtOaWsFNES+WIsOacgOaWsOeJiOacrO+8jOmTvuaOpeWmguS4izo8L3A+PGJsb2NrcXVvdGU+PHA+PGEgaHJlZj0iaHR0cHM6Ly9wYXkud2VpeGluLnFxLmNvbS93aWtpL2RvYy9hcGkvanNhcGkucGhwP2NoYXB0ZXI9MTFfMSI+aHR0cHM6Ly9wYXkud2VpeGluLnFxLmNvbS93aWtpL2RvYy9hcGkvanNhcGkucGhwP2NoYXB0ZXI9MTFfMTwvYT48L3A+PC9ibG9ja3F1b3RlPjxwPjIu5aaC5p6c5pyJ57O757uf5o+Q5L6b5ZWG77yM6K+36IGU57O75o+Q5L6b5ZWG6L+b6KGM5qC45p+l5ZKM5Y2H57qn5L+u5aSN77ybPC9wPjxwPjMu5aaC5p6c5piv6Ieq56CU57O757uf77yM6K+36IGU57O75oqA5pyv6YOo6Zeo5oyJ5Lul5LiL5oyH5byV5qC45p+l5ZKM5L+u5aSN77yaPC9wPjxwPlhYRea8j+a0numcgOimgeWcqOS7o+eggeS4rei/m+ihjOebuOW6lOeahOiuvue9ru+8jOS4jeWQjOivreiogOiuvue9rueahOWGheWuueS4jeWQjO+8jOS4i+mdouaPkOS+m+S6huWHoOenjeS4u+a1geW8gOWPkeivreiogOeahOiuvue9ruaMh+W8le+8mjwvcD48cD7jgJBQSFDjgJE8L3A+PHByZT5saWJ4bWxfZGlzYWJsZV9lbnRpdHlfbG9hZGVyKHRydWUpOzwvcHJlPjxwPuOAkEpBVkHjgJHkuI3lkIxqYXZh57uE5Lu25L+u5aSN5pa55qGI5LiN5LiA5qC377yM6K+35Y+C6ICDT1dBU1Dkv67lpI3lu7rorq7vvJo8L3A+PGJsb2NrcXVvdGU+PHA+PGEgaHJlZj0iaHR0cHM6Ly93d3cub3dhc3Aub3JnL2luZGV4LnBocC9YTUxfRXh0ZXJuYWxfRW50aXR5XyhYWEUpX1ByZXZlbnRpb25fQ2hlYXRfU2hlZXQjSmF2YSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vd3d3Lm93YXNwLm9yZy9pbmRleC5waHAvWE1MX0V4dGVybmFsX0VudGl0eV8oWFhFKV9QcmV2ZW50aW9uX0NoZWF0X1NoZWV0I0phdmE8L2E+PC9wPjwvYmxvY2txdW90ZT48cD7jgJAuTmV044CRPC9wPjxwcmU+WG1sUmVzb2x2ZXImbmJzcDs9Jm5ic3A7bnVsbDwvcHJlPjxwPuOAkFB5dGhvbuOAkTwvcD48cHJlPmZyb20mbmJzcDtseG1sJm5ic3A7aW1wb3J0Jm5ic3A7ZXRyZWUgeG1sRGF0YSZuYnNwOz0mbmJzcDtldHJlZS5wYXJzZSh4bWxTb3VyY2UsZXRyZWUuWE1MUGFyc2VyKHJlc29sdmVfZW50aXRpZXM9RmFsc2UpKTwvcHJlPjxwPuOAkGMvYysrKOW4uOeUqOW6k+S4umxpYnhtbDImbmJzcDtsaWJ4ZXJjZXMtYynjgJE8L3A+PHA+44CQbGlieG1sMuOAkTombmJzcDsmbmJzcDvnoa7kv53lhbPpl63phY3nva7pgInpobnvvJpYTUxfUEFSU0VfTk9FTlQmbmJzcDvlkowmbmJzcDtYTUxfUEFSU0VfRFRETE9BRDwvcD48cD4yLjnniYjmnKzku6XkuIrlt7Lkv67lpI14eGU8L3A+PHA+44CQbGlieGVyY2VzLWPjgJHvvJrlpoLmnpznlKjnmoTmmK9YZXJjZXNET01QYXJzZXI6PC9wPjxwcmU+WGVyY2VzRE9NUGFyc2VyJm5ic3A7KnBhcnNlciZuYnNwOz0mbmJzcDtuZXcmbmJzcDtYZXJjZXNET01QYXJzZXI7IHBhcnNlci0+c2V0Q3JlYXRlRW50aXR5UmVmZXJlbmNlTm9kZXMoZmFsc2UpOzwvcHJlPjxwPuWmguaenOaYr+eUqFNBWFBhcnNlcjo8L3A+PHByZT5TQVhQYXJzZXIqJm5ic3A7cGFyc2VyJm5ic3A7PSZuYnNwO25ldyZuYnNwO1NBWFBhcnNlcjsgcGFyc2VyLT5zZXREaXNhYmxlRGVmYXVsdEVudGl0eVJlc29sdXRpb24odHJ1ZSk7PC9wcmU+PHA+5aaC5p6c5piv55SoU0FYMlhNTFJlYWRlcjo8L3A+PHByZT5TQVgyWE1MUmVhZGVyKiZuYnNwO3JlYWRlciZuYnNwOz0mbmJzcDtYTUxSZWFkZXJGYWN0b3J5OjpjcmVhdGVYTUxSZWFkZXIoKTsgcGFyc2VyLT5zZXRGZWF0dXJlKFhNTFVuaTo6ZmdYZXJjZXNEaXNhYmxlRGVmYXVsdEVudGl0eVJlc29sdXRpb24sJm5ic3A7dHJ1ZSk7PC9wcmU+PHA+5q2k5aSW77yM6ZKI5a+55L2/55SoWE1M6L+b6KGM5pWw5o2u5Lqk5o2i55qE572R57uc57O757uf77yI5aaC77ya56ys5LiJ5pa55pSv5LuY5bmz5Y+w562J77yJ77yM5bu66K6u55u45YWz57O757uf5Y6C5ZWG5a+56Kej5p6Q5aSE55CGWE1M5pWw5o2u55qE5Yqf6IO95Luj56CB6L+b6KGM5a6J5YWo5qOA5p+l77yM5Y+v5Y+C6ICD5LiK6L+w5pa55rOV5L+u5aSN5ryP5rSe77yM5Y+K5pe25raI6Zmk5ryP5rSe6aOO6Zmp44CCPC9wPjxwPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDE1OSwgMTYzLCAxNjgpOyI+PHN0cm9uZz4q5pys5paH5L2c6ICF77yaQ05OVkTvvIzovazovb3oh6pGcmVlQnVmLkNPTTwvc3Ryb25nPjwvc3Bhbj48L3A+