3 matches found
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888
CVE-2025-52888 affects Allure 2’s xunit-xml-plugin (pre-2.34.1). The vulnerability arises from insecure configuration of the XML parser (DocumentBuilderFactory), allowing external entity expansion during processing of test result XML files. Impact: arbitrary file disclosure and potential SSRF. Re...