com.epam.reportportal:service-api@5.3.2 vulnerabilities

latest version

5.11.0
latest non vulnerable version

5.11.0
first published

3 years ago
latest version published

2 months ago
licenses detected
- Apache-2.0
  [2.6.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.epam.reportportal:service-api package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Allocation of Resources Without Limits or Throttling com.epam.reportportal:service-api is a Report portal. Main API Service Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the `test_item.path` field is exceeded the allowable `ltree` field type indexing limit. An attacker can cause the ReportPortal database to become unstable and reporting almost fully stops except for small launches with approximately 1 test inside by creating a Launch with too many recursively nested elements. Note: This is only exploitable if the `test_item.path` field is exceeded the allowable `ltree` field type indexing limit. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `com.epam.reportportal:service-api` to version 5.11.0 or higher.	[,5.11.0)
H XML External Entity (XXE) Injection com.epam.reportportal:service-api is a Report portal. Main API Service Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. How to fix XML External Entity (XXE) Injection? Upgrade `com.epam.reportportal:service-api` to version 5.4.0 or higher.	[3.1.0,5.4.0)

Allocation of Resources Without Limits or Throttling

com.epam.reportportal:service-api is a Report portal. Main API Service

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the test_item.path field is exceeded the allowable ltree field type indexing limit. An attacker can cause the ReportPortal database to become unstable and reporting almost fully stops except for small launches with approximately 1 test inside by creating a Launch with too many recursively nested elements.

Note: This is only exploitable if the test_item.path field is exceeded the allowable ltree field type indexing limit.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade com.epam.reportportal:service-api to version 5.11.0 or higher.

[,5.11.0)

XML External Entity (XXE) Injection

com.epam.reportportal:service-api is a Report portal. Main API Service

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery.

How to fix XML External Entity (XXE) Injection?

Upgrade com.epam.reportportal:service-api to version 5.4.0 or higher.

[3.1.0,5.4.0)

Go back to all versions of this package

com.epam.reportportal:service-api@5.3.2 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities