CVE-2021-40180

Summary

CVE	CVE-2021-40180
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-26 23:15:00 UTC
Updated	2022-08-04 16:17:00 UTC
Description	In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Tencent	Wechat	8.0.10	All	All	All
Application	Tencent	Wechat	8.0.10	All	All	All

References

Reference	Source	Link	Tags
百度网盘请输入提取码	MISC	pan.baidu.com
百度网盘请输入提取码	MISC	pan.baidu.com
Vulnerabilities-Related-to-Mini-Programs-Permissions/WX applet contact permission vulnerability report.pdf at main · BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions · GitHub	MISC	github.com
arxiv.org/pdf/2205.15202.pdf	MISC	arxiv.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

630824 For ios Vulnerability CVE-2021-40180