2 matches found
CVE-2018-1310
CVE-2018-1310 affects Apache NiFi via JMS deserialization tied to the ActiveMQ client vulnerability CVE-2015-5254. The issue arises from deserializing untrusted JMS content, enabling denial of service as noted in the associated ActiveMQ advisories. Mitigation in NiFi is to upgrade the activemq-cl...
CVE-2018-1309
Apache NiFi SplitXML processor is affected by an XML External Entity (XXE) vulnerability. Malicious XML content can lead to information disclosure or remote code execution. The issue arises from handling external entities and DOCTYPE processing; mitigation implemented in NiFi 1.6.0 disables exter...