Lucene search
Veracode Vulnerability DatabaseVERACODE:35368HistoryMay 04, 2022 - 3:37 p.m.
XML External Entity (XXE) Injection
2022-05-0415:37:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22
0.001 Low
EPSS
Percentile
38.3%
NiFi Standard Processors is vulnerable to xml external entity injection. The vulnerability exists in multiple components because EvaluateXPath, EvaluateXQuery and ValidateXml processors do not restrict XXE references when configured with default values which allows an attacker to send malicious XML documents.
References
github.com/advisories/GHSA-wc97-7623-rxwx
github.com/apache/nifi/commit/5d94e7f7d594e600d8eb00329bb38b99d46ec66b
github.com/apache/nifi/pull/5962
github.com/apache/nifi/pull/5986
github.com/apache/nifi/pull/5994
issues.apache.org/jira/browse/NIFI-9901
issues.apache.org/jira/browse/NIFI-9943
lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
nifi.apache.org/security.html#CVE-2022-29265
Related
osv
osv
Multiple components in Apache NiFi do not restrict XML External Entity references
2022-05-01 00:00:33
CVE-2022-29265
2022-04-30 08:15:06
cvelist
cvelist
nvd
nvd
CVE-2022-29265
2022-04-30 08:15:06
prion
prion
Xxe
2022-04-30 08:15:00
github
github
cve
cve
CVE-2022-29265
2022-04-30 08:15:06