EUVD-2022-0689

Malicious code in bioql PyPI...

BIT-NIFI-2021-44145 Apache NiFi information disclosure by XXE

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

GHSA-MH83-JCW5-RJH8 XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

GHSA-RQ96-QHC5-VM4R Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

Apache NiFi code issue vulnerability (CNVD-2021-102797)

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi's TransformXML, which stems from a vulnerability in Apache NiFi's...

CVE-2021-44145

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

CVE-2021-44145

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

Xxe

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

CVE-2021-44145

CVE-2021-44145 affects the Apache NiFi TransformXML processor (before 1.15.1). An authenticated user could configure an XSLT file that contains external entity calls, potentially revealing sensitive information due to an XXE. The issue is documented across multiple sources, with remediation advis...

Apache NiFi 信息泄露漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi's TransformXML, which stems from a vulnerability in Apache NiFi's...