CVE-2017-12623

Source
https://cve.org/CVERecord?id=CVE-2017-12623
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12623.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12623
Aliases
Published
2017-10-10T18:29:00.197Z
Modified
2026-02-13T08:09:38.384006Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

An authorized user could upload a template which contained malicious code and access sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied in the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

nifi-0.*
nifi-0.0.1-incubating-RC3
nifi-0.0.2-incubating-RC1
nifi-0.1.0-incubating-rc13
nifi-0.2.0-incubating-RC1
nifi-0.2.1-RC1
nifi-0.3.0-RC1
nifi-0.4.0
nifi-0.4.0-RC2
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.5.0
nifi-0.5.0-RC3
nifi-0.6.0
nifi-0.6.0-RC2
nifi-1.*
nifi-1.0.0-RC1
nifi-nar-maven-plugin-1.*
nifi-nar-maven-plugin-1.0.0-incubating-RC3
nifi-nar-maven-plugin-1.0.1-incubating-rc13
nifi-parent-1.*
nifi-parent-1.0.0-incubating-rc13
rel/nifi-1.*
rel/nifi-1.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12623.json"