2 matches found
com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1) +8 more potentially affected by CVE-2018-1309 via org.apache.nifi:nifi-standard-processors (>=0.2.0-incubating <=1.28.1)
org.apache.nifi:nifi-standard-processors MAVEN version =0.2.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.2.0-incubating, =1.24.0, =1.15.0, =1.14.0, =0.10.0, =0.10.0, =0.12.0 Source cves: CVE-2018-1309 Source advisory: OSV:GHSA-42WX-65G4-5CXV...
CVE-2018-1309
Apache NiFi SplitXML processor is affected by an XML External Entity (XXE) vulnerability. Malicious XML content can lead to information disclosure or remote code execution. The issue arises from handling external entities and DOCTYPE processing; mitigation implemented in NiFi 1.6.0 disables exter...