WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

Description

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2018-1309

Related Vulnerabilities

CVE-2023-25157 Vulnerability in maven package org.geoserver.community:gs-jdbcconfig

CVE-2023-40343 Vulnerability in maven package io.jenkins.plugins:tuleap-oauth

CVE-2023-40028 Vulnerability in npm package ghost

CVE-2022-35924 Vulnerability in npm package next-auth

CVE-2018-3721 Vulnerability in npm package lodash._basemerge

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Vendor Advisory