Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

Description

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Remediation

References

https://nifi.apache.org/security.html#CVE-2018-1309

Related Vulnerabilities

CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2019-10749 Vulnerability in npm package sequelize

CVE-2020-4051 Vulnerability in maven package org.webjars.npm:dijit

CVE-2017-16003 Vulnerability in npm package windows-build-tools

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Vendor Advisory