CVE-2018-1309

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1309

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1309.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1309

Aliases

GHSA-42wx-65g4-5cxv

Published

2018-05-23T14:29:00Z

Modified

2025-01-14T07:23:22.947100Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

References

https://nifi.apache.org/security.html#CVE-2018-1309

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type: GIT
Repo: https://github.com/apache/nifi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f8466cb16d6723ddc3bf5f0e7f8ce8a47d27cbe5

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-0.*

nifi-0.0.1-incubating-RC3

nifi-0.0.2-incubating-RC1

nifi-0.1.0-incubating-rc13

nifi-0.2.0-incubating-RC1

nifi-0.2.1-RC1

nifi-0.3.0-RC1

nifi-0.4.0

nifi-0.4.0-RC2

nifi-0.4.1

nifi-0.4.1-RC1

nifi-0.5.0

nifi-0.5.0-RC3

nifi-0.6.0

nifi-0.6.0-RC2

nifi-1.*

nifi-1.0.0-RC1

nifi-1.1.0-RC2

nifi-1.2.0-RC2

nifi-1.3.0-RC1

nifi-1.5.0-RC1

nifi-nar-maven-plugin-1.*

nifi-nar-maven-plugin-1.0.0-incubating-RC3

nifi-nar-maven-plugin-1.0.1-incubating-rc13

nifi-parent-1.*

nifi-parent-1.0.0-incubating-rc13

rel/nifi-1.*

rel/nifi-1.0.0

rel/nifi-1.1.0

rel/nifi-1.2.0

rel/nifi-1.3.0

rel/nifi-1.4.0

rel/nifi-1.5.0