Lucene search
+L

9 matches found

OSV
OSV
added 2019/12/02 6:17 p.m.19 views

GHSA-744R-VV2G-2X6G Apache NiFi information disclosure by XXE

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.4AI score0.02258EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2019/12/02 6:17 p.m.87 views

Apache NiFi information disclosure by XXE

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS4.1AI score0.02258EPSS
Exploits0References6Affected Software2
CNVD
CNVD
added 2019/11/21 12:0 a.m.3 views

Apache NiFi Code Issue Vulnerability

Apache NiFi is a data processing and distribution system of the American Apache Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in the XMLFileLookupService in Apache NiFi versions 1.3.0...

6.5CVSS9.2AI score0.02258EPSS
Exploits0References1
Veracode
Veracode
added 2019/11/20 2:26 a.m.23 views

XML External Entities (XXE)

nifi-lookup-services is vulnerable to XML external entities XXE. The vulnerability exists as the XMLFileLookupService allowed trusted users to use a malicious XML file to cause information such as the versions of Java, Jersey, and Apache to be revealed...

6.5CVSS3.9AI score0.02258EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2019/11/19 10:15 p.m.23 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.4AI score0.02258EPSS
Exploits0References3
NVD
NVD
added 2019/11/19 10:15 p.m.34 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.3AI score0.02258EPSS
Exploits0References3
Prion
Prion
added 2019/11/19 10:15 p.m.22 views

Information disclosure

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

4CVSS6.4AI score0.02258EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/11/19 9:32 p.m.128 views

CVE-2019-10080

Summary (CVE-2019-10080) : In Apache NiFi, the XMLFileLookupService vulnerability affects NiFi versions 1.3.0–1.9.2, where trusted users could configure a malicious XML file that can perform external calls via XXE and disclose information about the NiFi environment (e.g., Java, Jersey, and Apache...

6.5CVSS6.3AI score0.02258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/19 9:32 p.m.31 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5AI score0.02258EPSS
Exploits0References3
Rows per page
Query Builder