WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12623 Vulnerability in maven package org.apache.nifi:nifi-security-utils

Description

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2017-12623

Related Vulnerabilities

CVE-2023-37911 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot-server

CVE-2015-8315 Vulnerability in maven package org.webjars.npm:ms

CVE-2022-25312 Vulnerability in maven package org.apache.any23:apache-any23

CVE-2015-5204 Vulnerability in npm package cordova-plugin-file-transfer

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory