oss-sec mailing list archives

CVE-2021-44145: Apache NiFi information disclosure by XXE


From: Nathan Gough <thenatog () apache org>
Date: Thu, 16 Dec 2021 19:01:33 -0500

Severity: Low

Description:

In the TransformXML processor an authenticated user could configure an
XSLT file which, if it included malicious external entity calls, may
reveal sensitive information.
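The flaw described above is the classic external-entity pattern applied to the stylesheet rather than to the input document: a DOCTYPE in the XSLT declares an entity backed by a local file and the template copies the entity into the output. The following Java program is an added example, not NiFi's own code or the fix in NIFI-9399; it shows the JAXP settings that make a `TransformerFactory` refuse such a stylesheet, beside the default configuration for contrast. The stylesheet, the input document and the target file (a temporary file created by the program) are all constructed; the class and method names are the example's own.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class XsltEntityHardening {

    // Factory configured per the JAXP secure-processing guidelines.
    // An empty protocol list denies all external DTD / external entity
    // resolution and all external stylesheet access (xsl:import,
    // xsl:include, document()). FEATURE_SECURE_PROCESSING alone does NOT
    // block external entities; the two access attributes are what matter here.
    static TransformerFactory hardenedFactory() throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    // JDK default: external DTD/entity access is allowed for all protocols
    // unless restricted in jaxp.properties.
    static TransformerFactory defaultFactory() {
        return TransformerFactory.newInstance();
    }

    // Compiles the stylesheet, runs it over a trivial input document and
    // returns the text output, or the error when the factory refuses it.
    static String transform(TransformerFactory tf, String xslt) {
        try {
            Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<root/>")), new StreamResult(out));
            return "OUTPUT: " + out;
        } catch (TransformerException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a sensitive file on the processing host.
        Path secret = Files.createTempFile("constructed-secret", ".txt");
        Files.writeString(secret, "constructed secret value");

        // Constructed stylesheet: declares an external general entity backed by
        // that file and emits it as the transform's text output.
        String xslt =
            "<?xml version=\"1.0\"?>\n" +
            "<!DOCTYPE xsl:stylesheet [<!ENTITY ext SYSTEM \"" + secret.toUri() + "\">]>\n" +
            "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">\n" +
            "  <xsl:output method=\"text\"/>\n" +
            "  <xsl:template match=\"/\">&ext;</xsl:template>\n" +
            "</xsl:stylesheet>\n";

        System.out.println("default : " + transform(defaultFactory(), xslt));
        System.out.println("hardened: " + transform(hardenedFactory(), xslt));
        Files.delete(secret);
    }
}
```

With the JDK's built-in XSLT implementation (XSLTC) the default factory prints the file contents as the transform output, while the hardened factory throws a `TransformerConfigurationException` when compiling the stylesheet because the `file:` entity is denied by `ACCESS_EXTERNAL_DTD`. The same two attributes should be set on any `DocumentBuilderFactory` or `SAXParserFactory` used to read the input document, since the input side is exposed to the same entity mechanism; third-party XSLT engines may use their own property names for the equivalent restriction.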

This issue is being tracked as NIFI-9399.

Credit:

This issue was discovered by DangKhai at Viettel Cyber Security.

References:
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
