VYPR

Packagist (Composer) package

yansongda/pay

pkg:composer/yansongda/pay

Vulnerabilities (1)

  • CVE-2026-33661HigMar 26, 2026
    affected < 3.7.20fixed 3.7.20

    Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request reports `localhost` as the host. A