CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2018-1309

CVSS 9.8v3.0pub. 2018-05-23upd. 2024-11-21

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Nifi

    APP
    Apache
    < 1.6.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2017-15697CRITICAL9.8ten sam produkt

A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code co...

CVE-2017-5636CRITICAL9.8ten sam produkt

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deser...

CVE-2026-44914HIGH7.5ten sam produkt

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extensio...

CVE-2026-39816HIGH7.5ten sam produkt

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute ...

CVE-2026-25903HIGH8.7ten sam produkt

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension ...

CVE-2018-1309 β€” Apache β€” Nifi β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl