Количество 2
Количество 2
CVE-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).
GHSA-q4xf-3pmq-3hw8
Improper Restriction of XML External Entity Reference in Apache NiFi
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-13940 In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). | CVSS3: 5.5 | 2% Низкий | больше 5 лет назад |
| GHSA-q4xf-3pmq-3hw8 Improper Restriction of XML External Entity Reference in Apache NiFi | CVSS3: 5.5 | 2% Низкий | около 4 лет назад |
Уязвимостей на страницу