EUVD-2021-1243

Malware in sbrugna...

XML External Entity Reference

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

GHSA-7QFM-6M33-RGG9 XML External Entity Reference

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

XXE vulnerability in Launch import

| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...

GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import

| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...

XXE vulnerability on Launch import with externally-defined DTD file

Impact Starting from version 3.1.0 we introduced a new feature of JUnit XML launch import. Unfortunately XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition...

GHSA-24WF-7VF2-PV59 XXE vulnerability on Launch import with externally-defined DTD file

Impact Starting from version 3.1.0 we introduced a new feature of JUnit XML launch import. Unfortunately XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition...

CVE-2020-12642

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

CVE-2020-12642

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

Server side request forgery (ssrf)

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

CVE-2020-12642

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...