WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

Description

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2018-1309

Related Vulnerabilities

CVE-2019-0201 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2018-20164 Vulnerability in npm package uap-core

CVE-2020-15095 Vulnerability in maven package org.webjars.npm:npm

CVE-2017-16038 Vulnerability in npm package f2e-server

CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-default

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Vendor Advisory