2 matches found
GHSA-64HM-GFWQ-JPPW Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Summary The Allure report generator is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json, -container.json, or .plist that points an attachment source to a sensitive file on the host system. During repor...
The vulnerability of Elasticsearch’ search engine, a software platform based on Git for collaborative code development on GitLab, allows a hacker to trigger a service failure.
The vulnerability of Elasticsearch, a software platform based on Git for collaborative code development on GitLab, is related to an uncontrolled resource consumption during the processing of search results. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...