CVE-2017-12623

Summary

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache NiFi1.0.0 to 1.3.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References