An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.epam.reportportal:service-api(Maven) | 3.1.0 | 4.3.12 | N/A |
| com.epam.reportportal:service-api(Maven) | 5.0.0 | 5.1.1 | N/A |
CVSS Metrics
