BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions

BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions

Releases0

Stars5

Show vulnerabilities related to mini programs permissions by video.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-40180 ↗	Jul 26, 2022Tuesday, 26 July 2022, 23:15	7.5 HIGH	—
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.
CVE-2021-33057 ↗	Jul 26, 2022Tuesday, 26 July 2022, 23:15	7.5 HIGH	—
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.