WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12623 Vulnerability in maven package org.apache.nifi:nifi-security-utils

Description

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2017-12623

Related Vulnerabilities

CVE-2020-2285 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner

CVE-2020-27216 Vulnerability in maven package org.eclipse.jetty:jetty-webapp

CVE-2022-41251 Vulnerability in maven package org.jenkins-ci.plugins:apprenda

CVE-2021-21613 Vulnerability in maven package io.jenkins.plugins:tics

CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory