12 matches found
CVE-2026-33166
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166
CVE-2026-33166 (Allure Report path traversal): Allure 2.x prior to 2.38.0 is vulnerable to arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive ...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
Allure Report 路径遍历漏洞
Allure Report is a flexible and lightweight multi-language test report tool developed under the Allure Framework. Versions of Allure Report prior to 2.38.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with path traversal during the processing of test results,...
EUVD-2025-19057
Malicious code in bioql PyPI...
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
Allure Report 代码问题漏洞
Allure Report is a flexible, lightweight, multi-language test reporting tool from the Allure Framework open source. A code issue vulnerability exists in Allure Report 2 versions prior to 2.34.1, which stems from xunit-xml-plugin not securely configuring the XML parser, which could lead to XXE...