nifi-framework-api is vulnerable to XML external entity (XXE) attack. An attacker is able to submit requests on behalf of the server via an XXE attack as the notification service manager and various policy authorizer and user group provider objects allow trusted administrators to inadvertently configure a potentially malicious XML file.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-framework-api | le | 1.11.4 |