Description
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/12/17/1
https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Related Vulnerabilities
CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-test
CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2021-45046 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2020-28502 Vulnerability in npm package xmlhttprequest-ssl