Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file that, if it included malicious external entity calls, could reveal sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/12/17/1
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Related Vulnerabilities
CVE-2021-23358 Vulnerability in maven package org.webjars.npm:underscore
CVE-2022-31069 Vulnerability in npm package @ffdc/nestjs-proxy
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-45693 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2022-24721 Vulnerability in maven package org.cometd.java:cometd-java-oort