com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.22.0) +7 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-standard-processors (>=0.1.0-incubating <=1.22.0)

org.apache.nifi:nifi-standard-processors MAVEN version =0.1.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.1.0-incubating, =1.15.0, =1.14.0, =1.22.0 - org.apache.plc4x:plc4j-nifi-plc4x-nar =0.10.0 - org.apache.plc4x:plc4j-nifi-plc4x-processors =0.10.0 Source cves: CVE-2023-36542 Source...

com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1) +8 more potentially affected by CVE-2018-1309 via org.apache.nifi:nifi-standard-processors (>=0.2.0-incubating <=1.28.1)

org.apache.nifi:nifi-standard-processors MAVEN version =0.2.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.2.0-incubating, =1.24.0, =1.15.0, =1.14.0, =0.10.0, =0.10.0, =0.12.0 Source cves: CVE-2018-1309 Source advisory: OSV:GHSA-42WX-65G4-5CXV...

XML External Entities (XXE)

nifi-standard-processors is vulnerable to XML external entities XXE attacks. The vulnerability exists due to the lack of proper default configuration which disables external entities by default, allowing XXE attacks to occur...