CVE-2021-44145
N/A
N/A
Summary
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache NiFi | Apache NiFi <= 1.15.0 | affected |
Weaknesses
- Sensitive information disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://nifi.apache.org/security.html#1.15.1-vulnerabilities
- http://www.openwall.com/lists/oss-security/2021/12/17/1
References
- https://nifi.apache.org/security.html#1.15.1-vulnerabilities
- http://www.openwall.com/lists/oss-security/2021/12/17/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.