Lucene search
ApacheCVELIST:CVE-2019-10080HistoryNov 19, 2019 - 9:32 p.m.
CVE-2019-10080
2019-11-1921:32:11
apache
www.cve.org
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses.
CNA Affected
[
{
"product": "Apache NiFi",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache NiFi 1.3.0 to 1.9.2"
}
]
}
]Related
veracode
veracode
XML External Entities (XXE)
2019-11-20 02:26:57
github
github
Apache NiFi information disclosure by XXE
2019-12-02 18:17:36
cve
cve
CVE-2019-10080
2019-11-19 22:15:11
prion
prion
Information disclosure
2019-11-19 22:15:00
osv
osv
Apache NiFi information disclosure by XXE
2019-12-02 18:17:36
CVE-2019-10080
2019-11-19 22:15:11
nvd
nvd
CVE-2019-10080
2019-11-19 22:15:11
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00