CVE-2017-12623

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:nifi:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*

Information

Published : 2017-10-10 11:29

Updated : 2017-11-05 13:11


NVD link : CVE-2017-12623

Mitre link : CVE-2017-12623


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

apache

  • nifi