Lucene search
GoogleOSV:GHSA-RQ96-QHC5-VM4RHistoryJan 05, 2022 - 5:33 p.m.
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
2022-01-0517:33:32
Google
osv.dev
11
apache nifi
transformxml
sensitive information
unauthorized actor
xslt file
external entity calls
EPSS
0.001
Percentile
17.4%
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Related
cvelist
cvelist
CVE-2021-44145 Apache NiFi information disclosure by XXE
2021-12-17 08:50:09
nvd
nvd
CVE-2021-44145
2021-12-17 09:15:07
prion
prion
Xxe
2021-12-17 09:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
2022-01-05 17:33:32
veracode
veracode
XML External Entity (XXE) Injection
2021-12-20 02:55:12
cnvd
cnvd
Apache NiFi Code Issue Vulnerability (CNVD-2021-102797)
2021-12-21 00:00:00
osv
osv
CVE-2021-44145
2021-12-17 09:15:07
cve
cve
CVE-2021-44145
2021-12-17 09:15:07