Количество 2
Количество 2
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
GHSA-hxjp-q6c3-38fx
XML External Entity Reference in Apache NiFi
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-22832 The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| GHSA-hxjp-q6c3-38fx XML External Entity Reference in Apache NiFi | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу