Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/12/17/1
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Related Vulnerabilities
CVE-2019-16772 Vulnerability in maven package org.webjars.npm:serialize-javascript
CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage
CVE-2020-28495 Vulnerability in npm package total.js
CVE-2020-12827 Vulnerability in npm package mjml
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12