Lucene search
Veracode Vulnerability DatabaseVERACODE:21984HistoryNov 20, 2019 - 2:26 a.m.
XML External Entities (XXE)
2019-11-2002:26:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
45.2%
nifi-lookup-services is vulnerable to XML external entities (XXE). The vulnerability exists as the XMLFileLookupService allowed trusted users to use a malicious XML file to cause information such as the versions of Java, Jersey, and Apache to be revealed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nifi-lookup-services | le | 1.9.2 |
References
github.com/apache/nifi/commit/75fb34c8ee4fd364fbfa81c433b2cc26304a33f7
github.com/apache/nifi/pull/3507
issues.apache.org/jira/browse/NIFI-6301
lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
nifi.apache.org/security.html#CVE-2019-10080
www.oracle.com/security-alerts/cpuApr2021.html
Related
github
github
Apache NiFi information disclosure by XXE
2019-12-02 18:17:36
cve
cve
CVE-2019-10080
2019-11-19 22:15:11
prion
prion
Information disclosure
2019-11-19 22:15:00
cvelist
cvelist
CVE-2019-10080
2019-11-19 21:32:11
osv
osv
CVE-2019-10080
2019-11-19 22:15:11
Apache NiFi information disclosure by XXE
2019-12-02 18:17:36
nvd
nvd
CVE-2019-10080
2019-11-19 22:15:11
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00