Lucene search
ApacheCVELIST:CVE-2021-44145HistoryDec 17, 2021 - 8:50 a.m.
CVE-2021-44145 Apache NiFi information disclosure by XXE
2021-12-1708:50:09
apache
www.cve.org
0.0005 Low
EPSS
Percentile
17.6%
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
CNA Affected
[
{
"product": "Apache NiFi",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.15.0",
"status": "affected",
"version": "Apache NiFi",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-44145
2021-12-17 09:15:07
prion
prion
Xxe
2021-12-17 09:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
2022-01-05 17:33:32
cve
cve
CVE-2021-44145
2021-12-17 09:15:07
veracode
veracode
XML External Entity (XXE) Injection
2021-12-20 02:55:12
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
2022-01-05 17:33:32
CVE-2021-44145
2021-12-17 09:15:07
cnvd
cnvd
Apache NiFi Code Issue Vulnerability (CNVD-2021-102797)
2021-12-21 00:00:00