CVE-2018-1309

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1309
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1309.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1309
Aliases
Published
2018-05-23T14:29:00Z
Modified
2024-09-03T02:05:18.827164Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Apache NiFi XML External Entity (XXE) issue in the SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix, which disables external general entity parsing and disallows doctype declarations, was applied in the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-0.*

nifi-0.0.1-incubating-RC3
nifi-0.0.2-incubating-RC1
nifi-0.1.0-incubating-rc13
nifi-0.2.0-incubating-RC1
nifi-0.2.1-RC1
nifi-0.3.0-RC1
nifi-0.4.0
nifi-0.4.0-RC2
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.5.0
nifi-0.5.0-RC3
nifi-0.6.0
nifi-0.6.0-RC2

nifi-1.*

nifi-1.0.0-RC1
nifi-1.1.0-RC2
nifi-1.2.0-RC2
nifi-1.3.0-RC1
nifi-1.5.0-RC1

nifi-nar-maven-plugin-1.*

nifi-nar-maven-plugin-1.0.0-incubating-RC3
nifi-nar-maven-plugin-1.0.1-incubating-rc13

nifi-parent-1.*

nifi-parent-1.0.0-incubating-rc13

rel/nifi-1.*

rel/nifi-1.0.0
rel/nifi-1.1.0
rel/nifi-1.2.0
rel/nifi-1.3.0
rel/nifi-1.4.0
rel/nifi-1.5.0