Lucene search
China National Vulnerability DatabaseCNVD-2023-23555HistoryFeb 15, 2023 - 12:00 a.m.
Apache NiFi XML External Entity Injection Vulnerability (CNVD-2023-23555)
2023-02-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
apache nifi
data processing
distributed system
xml
external entity injection
vulnerability
apache foundation
united states
remote attacker
xml file
cnvd-2023-23555
0.001 Low
EPSS
Percentile
48.4%
Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. Apache NiFi versions 1.2.0 through 1.19.1 are vulnerable to an XML external entity injection vulnerability that stems from a failure to restrict XML external entity references. A remote attacker could exploit the vulnerability by sending a specially crafted XML file to read the file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache nifi >=1.2.0, | le | 1.19.1 |
Related
github
github
XML External Entity Reference in Apache NiFi
2023-02-10 09:30:23
nvd
nvd
CVE-2023-22832
2023-02-10 08:15:12
cve
cve
CVE-2023-22832
2023-02-10 08:15:12
prion
prion
Xxe
2023-02-10 08:15:00
osv
osv
CVE-2023-22832
2023-02-10 08:15:12
XML External Entity Reference in Apache NiFi
2023-02-10 09:30:23
cvelist
cvelist
veracode
veracode
XML External Entity (XXE)
2023-02-14 07:32:27