GHSA-rq96-qhc5-vm4r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rq96-qhc5-vm4r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-rq96-qhc5-vm4r/GHSA-rq96-qhc5-vm4r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rq96-qhc5-vm4r
- Aliases
- Published
- 2022-01-05T17:33:32Z
- Modified
- 2023-11-08T04:07:15.879729Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
- Details
-
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
- Database specific
{ "nvd_published_at": "2021-12-17T09:15:00Z", "github_reviewed_at": "2022-01-04T20:18:58Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Maven / org.apache.nifi:nifi
Package
- Name
- org.apache.nifi:nifi
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.nifi/nifi
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.15.1
Affected versions
0.*
0.0.1-incubating
0.0.2-incubating
0.1.0-incubating
0.2.0-incubating
0.2.1
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
1.*
1.0.0-BETA
1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.8.0
1.9.0
1.9.1
1.9.2
1.10.0
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.14.0
1.15.0