XML External Entity Reference

2021-08-1315:21:59

CWE-611

GitHub Advisory Database

github.com

service-api

report portal

xxe

secrets disclosure

ssrf

junit xml

JSON

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.

Affected configurations

Vulners

Node

com.epam.reportportal\serviceMatchapi

References

github.com/advisories/GHSA-7qfm-6m33-rgg9

github.com/reportportal/reportportal/blob/master/SECURITY_ADVISORIES.md

nvd.nist.gov/vuln/detail/CVE-2020-12642

JSON