An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
References
Link | Resource |
---|---|
https://nifi.apache.org/security.html#CVE-2017-12623 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-10-10 11:29
Updated : 2017-11-05 13:11
NVD link : CVE-2017-12623
Mitre link : CVE-2017-12623
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
apache
- nifi