CVE-2021-44145

Опубликовано: 17 дек. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

Ссылки

http://www.openwall.com/lists/oss-security/2021/12/17/1
Mailing List
Third Party Advisory
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/12/17/1
Mailing List
Third Party Advisory
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Версия от 0.1.0 (включая) до 1.15.1 (исключая)

EPSS

Процентиль: 38%

0.00166

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-rq96-qhc5-vm4r