Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12623 Vulnerability in maven package org.apache.nifi:nifi-security-utils

Description

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2017-12623

Related Vulnerabilities

CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer

CVE-2015-3337 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2018-17145 Vulnerability in npm package bcoin

CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory