Lucene search
ApacheCVELIST:CVE-2023-22832HistoryFeb 10, 2023 - 7:45 a.m.
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
2023-02-1007:45:36
CWE-611
apache
www.cve.org
4
cve-2023-22832
apache nifi
xml external entity
restriction
extractccdaattributes
EPSS
0.001
Percentile
47.9%
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references.
Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references.
The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache NiFi",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.19.1",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
]Related
github
github
XML External Entity Reference in Apache NiFi
2023-02-10 09:30:23
cnvd
cnvd
Apache NiFi XML External Entity Injection Vulnerability (CNVD-2023-23555)
2023-02-15 00:00:00
nvd
nvd
CVE-2023-22832
2023-02-10 08:15:12
veracode
veracode
XML External Entity (XXE)
2023-02-14 07:32:27
osv
osv
XML External Entity Reference in Apache NiFi
2023-02-10 09:30:23
CVE-2023-22832
2023-02-10 08:15:12
prion
prion
Xxe
2023-02-10 08:15:00
cve
cve
CVE-2023-22832
2023-02-10 08:15:12