[XRAY-4738] XXE vulnerability at XML result import (Test Run Result field) - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Done
Affects Version/s: R3.6.1, R3.6.2, R3.5.3, R3.6.0, R3.5.5
Fix Version/s: 3.6.3
Component/s: Import Execution Results, REST_API, Security
Labels:
- security_vulnerability_critical

Requirement Status:
NOTRUN
- 1

Description

There is an XXE vulnerability while using any of XML format the import/execution/* endpoints.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(17 mentioned in)

Activity

People

Assignee:: Isabel Moreira [X] (Inactive)

Reporter:: Hugo Braz [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 27/Nov/19 11:06 AM

Updated:: 09/Sep/24 10:08 PM

Resolved:: 10/Mar/20 3:47 PM

Time Tracking

Estimated:

0m

Remaining:

0m

Logged:

1d 5h 40m