9 matches found
EUVD-2025-19057
Malicious code in bioql PyPI...
XML External Entity (XXE) Injection
Allure is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parser configuration due to insecure settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888
CVE-2025-52888 affects Allure 2’s xunit-xml-plugin (pre-2.34.1). The vulnerability arises from insecure configuration of the XML parser (DocumentBuilderFactory), allowing external entity expansion during processing of test result XML files. Impact: arbitrary file disclosure and potential SSRF. Re...
PT-2025-26776 · Unknown +1 · Xunit-Xml-Plugin +1
Name of the Vulnerable Software and Affected Versions: Allure 2 versions prior to 2.34.1 Description: A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser DocumentBuilderFactory and allows external...