Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file that, if it included malicious external entity calls, could reveal sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/12/17/1
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Related Vulnerabilities
CVE-2019-14517 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2018-1000192 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-31180 Vulnerability in npm package shescape
CVE-2019-1003071 Vulnerability in maven package hudson.plugins.octopusdeploy:octopusdeploy