Количество 2
Количество 2
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue.
GHSA-h7qf-qmf3-85qg
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-52888 Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue. | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
| GHSA-h7qf-qmf3-85qg Allure Report allows Improper XXE Restriction via DocumentBuilderFactory | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу