CVE-2021-44145 – org.apache.nifi:nifi
Package
Manager: maven
Name: org.apache.nifi:nifi
Vulnerable Version: >=0 <1.15.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00166 (percentile: 0.38206)
Details
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Metadata
Created: 2022-01-05T17:33:32Z
Modified: 2022-01-04T20:18:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-rq96-qhc5-vm4r/GHSA-rq96-qhc5-vm4r.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-rq96-qhc5-vm4r
Finding: F017
Auto approve: 1