CVE-2021-44145

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44145
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44145.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44145
Aliases
Published
2021-12-17T09:15:07Z
Modified
2024-09-03T03:58:01.320010Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2a756372fc7097ece6258c2af47b9a5f26384b02

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-0.*

nifi-0.0.1-incubating-RC3
nifi-0.0.2-incubating-RC1
nifi-0.1.0-incubating-rc13
nifi-0.2.0-incubating-RC1
nifi-0.2.1-RC1
nifi-0.3.0-RC1
nifi-0.4.0
nifi-0.4.0-RC2
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.5.0
nifi-0.5.0-RC3
nifi-0.6.0
nifi-0.6.0-RC2

nifi-1.*

nifi-1.0.0-RC1
nifi-1.1.0-RC2
nifi-1.10.0-RC3
nifi-1.11.0-RC3
nifi-1.12.0-RC1
nifi-1.14.0-RC2
nifi-1.15.0-RC3
nifi-1.2.0-RC2
nifi-1.3.0-RC1
nifi-1.5.0-RC1
nifi-1.6.0-RC3
nifi-1.7.0-RC1
nifi-1.8.0-RC3
nifi-1.9.0-RC2

nifi-nar-maven-plugin-1.*

nifi-nar-maven-plugin-1.0.0-incubating-RC3
nifi-nar-maven-plugin-1.0.1-incubating-rc13

nifi-parent-1.*

nifi-parent-1.0.0-incubating-rc13

rel/nifi-1.*

rel/nifi-1.0.0
rel/nifi-1.1.0
rel/nifi-1.10.0
rel/nifi-1.11.0
rel/nifi-1.12.0
rel/nifi-1.14.0
rel/nifi-1.15.0
rel/nifi-1.2.0
rel/nifi-1.3.0
rel/nifi-1.4.0
rel/nifi-1.5.0
rel/nifi-1.6.0
rel/nifi-1.7.0
rel/nifi-1.8.0
rel/nifi-1.9.0