List: oss-security
Subject: [oss-security] CVE-2021-44145: Apache NiFi information disclosure by XXE
From: Nathan Gough <thenatog () apache ! org>
Date: 2021-12-17 0:01:33
Message-ID: CAEhjM2Am_ixc+KirjdR_i+=6pw+bjixDBN34dBXhEDpRjO9ArQ () mail ! gmail ! com
Severity: Low
Description:
In the TransformXML processor an authenticated user could configure an
XSLT file which, if it included malicious external entity calls, may
reveal sensitive information.
This issue is being tracked as NIFI-9399.
Credit:
This issue was discovered by DangKhai at Viettel Cyber Security.
References:
https://nifi.apache.org/security.html#1.15.1-vulnerabilities