CVE-2021-44145

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44145
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44145.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44145
Aliases
Published
2021-12-17T09:15:07.117Z
Modified
2026-04-10T04:41:15.194064Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2a756372fc7097ece6258c2af47b9a5f26384b02
Database specific 
{
    "versions": [
        {
            "introduced": "0.1.0"
        },
        {
            "fixed": "1.15.1"
        }
    ]
}

Affected versions

docker/nifi-1.*
docker/nifi-1.2.0
nifi-0.*
nifi-0.2.0-incubating-RC1
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.6.0
nifi-0.6.0-RC2
nifi-1.*
nifi-1.1.0-RC2
nifi-1.15.0-RC3
nifi-1.2.0-RC2
rel/nifi-1.*
rel/nifi-1.1.0
rel/nifi-1.15.0
rel/nifi-1.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44145.json"