Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. Apache NiFi versions 1.2.0 through 1.19.1 are vulnerable to an XML external entity injection vulnerability that stems from a failure to restrict XML external entity references. A remote attacker could exploit the vulnerability by sending a specially crafted XML file to read the file.
CPE | Name | Operator | Version |
---|---|---|---|
apache apache nifi >=1.2.0, | le | 1.19.1 |