CVE-2019-10080

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10080

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10080.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10080

Aliases

GHSA-744r-vv2g-2x6g

Published

2019-11-19T22:15:11.160Z

Modified

2026-04-10T04:11:44.568483Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type

GIT

Repo

https://github.com/apache/nifi

Events

Introduced

ddb73612bd1512d8b2151b81f9aa40811bca2aaa

Last affected

11320acfbaab1a3579bd8f7545473d6984472d77

Database specific

{
    "versions": [
        {
            "introduced": "1.3.0"
        },
        {
            "last_affected": "1.9.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10080.json"