nifi-lookup-services is vulnerable to XML external entity (XXE) injection. The XMLFileLookupService allowed trusted users to supply a malicious XML file that could reveal information such as the versions of Java, Jersey, and Apache.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | nifi-lookup-services | le | 1.9.2 |
github.com/apache/nifi/commit/75fb34c8ee4fd364fbfa81c433b2cc26304a33f7
github.com/apache/nifi/pull/3507
issues.apache.org/jira/browse/NIFI-6301
lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
nifi.apache.org/security.html#CVE-2019-10080
www.oracle.com/security-alerts/cpuApr2021.html