XML External Entity Reference
High severity
GitHub Reviewed
Published
Aug 13, 2021
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Package
Affected versions
< 4.3.12
>= 5.0.0, < 5.1.1
Patched versions
4.3.12
5.1.1
Description
Reviewed
Jun 28, 2021
Published to the GitHub Advisory Database
Aug 13, 2021
Last updated
Jan 9, 2023
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
References