CVE-2018-1309

Source
https://cve.org/CVERecord?id=CVE-2018-1309
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1309.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1309
Aliases
Published
2018-05-23T14:29:00.387Z
Modified
2026-04-10T04:05:11.461166Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Apache NiFi XML External Entity (XXE) issue in the SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix, which disables external general entity parsing and disallows doctype declarations, was applied in the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.0"
        }
    ]
}

Affected versions

docker/nifi-1.*
docker/nifi-1.2.0
nifi-0.*
nifi-0.2.0-incubating-RC1
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.6.0
nifi-0.6.0-RC2
nifi-1.*
nifi-1.1.0-RC2
nifi-1.2.0-RC2
rel/nifi-1.*
rel/nifi-1.1.0
rel/nifi-1.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1309.json"