oss-sec mailing list archives
CVE-2021-44145: Apache NiFi information disclosure by XXE
From: Nathan Gough <thenatog () apache org>
Date: Thu, 16 Dec 2021 19:01:33 -0500
Severity: Low

Description:

In the TransformXML processor an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

This issue is being tracked as NIFI-9399.

Credit:

This issue was discovered by DangKhai at Viettel Cyber Security.

References:

https://nifi.apache.org/security.html#1.15.1-vulnerabilities
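
Added example (not part of the advisory and not Apache NiFi code): a pre-deployment audit that flags external DTD subsets and external entity declarations in an XSLT file before it is handed to a processor such as TransformXML. The function name, the sample stylesheet and the placeholder path are constructed for illustration; expat is used because it reports the declarations without ever fetching them.

```python
from xml.parsers import expat

# Constructed sample: a stylesheet whose DOCTYPE declares an external entity.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE xsl:stylesheet [
  <!ENTITY xxe SYSTEM "file:///constructed/placeholder.txt">
]>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out>&xxe;</out></xsl:template>
</xsl:stylesheet>
"""


def audit_stylesheet(data: bytes) -> list:
    """Return findings for DTD constructs that can pull in external content."""
    findings = []
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so nothing is ever resolved:
    # declarations are only reported to the handlers below.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD subset: {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # value is None when the replacement text lives at an external location.
        if value is None:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity '{name}' -> {system_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # A file that cannot be parsed cannot be cleared, so report it.
        findings.append(f"not well-formed: {exc}")
    return findings


if __name__ == "__main__":
    for finding in audit_stylesheet(SAMPLE):
        print(finding)
```

An empty result means the file declares no external DTD subset or external entity; the supported remedy remains running a NiFi release in which this issue is fixed, per the reference above.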