com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.22.0) +7 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-standard-processors (>=0.1.0-incubating <=1.22.0)

org.apache.nifi:nifi-standard-processors MAVEN version =0.1.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.1.0-incubating, =1.15.0, =1.14.0, =1.22.0 - org.apache.plc4x:plc4j-nifi-plc4x-nar =0.10.0 - org.apache.plc4x:plc4j-nifi-plc4x-processors =0.10.0 Source cves: CVE-2023-36542 Source...

com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1) +8 more potentially affected by CVE-2018-1309 via org.apache.nifi:nifi-standard-processors (>=0.2.0-incubating <=1.28.1)

org.apache.nifi:nifi-standard-processors MAVEN version =0.2.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.2.0-incubating, =1.24.0, =1.15.0, =1.14.0, =0.10.0, =0.10.0, =0.12.0 Source cves: CVE-2018-1309 Source advisory: OSV:GHSA-42WX-65G4-5CXV...

XML External Entity (XXE) Injection

NiFi Standard Processors is vulnerable to xml external entity injection. The vulnerability exists in multiple components because EvaluateXPath, EvaluateXQuery and ValidateXml processors do not restrict XXE references when configured with default values which allows an attacker to send malicious X...

XML External Entities (XXE)

nifi-standard-processors is vulnerable to XML external entities XXE attacks. The vulnerability exists due to the lack of proper default configuration which disables external entities by default, allowing XXE attacks to occur...