Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file that, if it included malicious external entity calls, could reveal sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/12/17/1
https://nifi.apache.org/security.html#1.15.1-vulnerabilities