Description
Improper Restriction of XML External Entity Reference in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).
Packages
Name: org.apache.nifi:nifi (maven)
Affected versions: >= 1.0.0, <= 1.11.4
Fixed version: 1.12.0-RC1
Related vulnerabilities
CVSS3: 5.5
nvd
more than 5 years ago
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).