12 matches found
EUVD-2023-0724
Malicious code in bioql PyPI...
BIT-NIFI-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
XML External Entity (XXE)
org.apache.nifi:nifi-ccda-processors is vulnerable to XML External Entity XXE. An attacker is able to provide malicious XML input containing a reference to an external entity due to improper flow configurations in the ExtractCCDAAttributes Processor...
XML External Entity Reference in Apache NiFi
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
GHSA-HXJP-Q6C3-38FX XML External Entity Reference in Apache NiFi
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
Xxe
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2023-22832
CVE-2023-22832 affects Apache NiFi: ExtractCCDAAttributes Processor (versions 1.2.0–1.19.1). The issue is improper handling of XML External Entity (XXE) references via XML Document Type Declarations, enabling attacks from malicious XML documents. The documented impact is high confidentiality risk...
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...