WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

Description

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2018-1309

Related Vulnerabilities

CVE-2018-14042 Vulnerability in npm package bootstrap-sass

CVE-2005-4849 Vulnerability in maven package org.apache.derby:derby

CVE-2019-10799 Vulnerability in npm package compile-sass

CVE-2023-38704 Vulnerability in npm package import-in-the-middle

CVE-2023-46233 Vulnerability in maven package org.webjars.npm:crypto-js

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Vendor Advisory