3 matches found
BIT-NIFI-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
CVE-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
XML External Entity (XXE)
nifi-framework-api is vulnerable to XML external entity XXE attack. An attacker is able to submit requests on behalf of the server via an XXE attack as the notification service manager and various policy authorizer and user group provider objects allow trusted administrators to inadvertently...