An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://nifi.apache.org/security.html#CVE-2017-12623 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-09-16T16:17:35.807Z
Reserved: 2017-08-07T00:00:00
Link: CVE-2017-12623

No data.

Status : Deferred
Published: 2017-10-10T18:29:00.197
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-12623

No data.

No data.