CRITICAL🇬🇧 English

CVE-2018-1309

CVSS 9.8v3.0pub. 2018-05-23upd. 2024-11-21

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Nifi

    APP
    Apache
    < 1.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2017-15697CRITICAL9.8ten sam produkt

A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code co...

CVE-2017-5636CRITICAL9.8ten sam produkt

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deser...

CVE-2026-44914HIGH7.5ten sam produkt

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extensio...

CVE-2026-39816HIGH7.5ten sam produkt

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute ...

CVE-2026-25903HIGH8.7ten sam produkt

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension ...