Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Nifi
APPApache< 1.6.0
Related vulnerabilities
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code co...
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deser...
Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extensio...
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute ...
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension ...