CNNVD-202506-3122 Information
CNNVD ID
CNNVD-202506-3122
Related CVE
- CNNVD Published: 2025-06-24
Description
Allure Report is a flexible, lightweight, multi-language test reporting tool open-sourced by Allure Framework. Versions of Allure Report 2 before 2.34.1 contain a code issue vulnerability: the xunit-xml-plugin does not securely configure its XML parser, which may lead to XXE attacks.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Allure Framework
Published
2025-06-24
Last Modified
2026-02-24
References
https://github.com/allure-framework/allure2/security/advisories/GHSA-h7qf-qmf3-85qg
https://github.com/allure-framework/allure2/commit/cbcb33719851ff70adce85d38e15d20fc58d4eb7
https://access.redhat.com/security/cve/cve-2025-52888
Patch
https://github.com/allure-framework/allure2/releases