Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Remediation
References
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
http://www.openwall.com/lists/oss-security/2021/12/17/1
Related Vulnerabilities
CVE-2020-2199 Vulnerability in maven package org.jenkins-ci.plugins:subversion
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2015-8103 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-1330 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:jasper