The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-11-19T21:32:11
Updated: 2024-08-04T22:10:09.485Z
Reserved: 2019-03-26T00:00:00
Link: CVE-2019-10080
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-19T22:15:11.160
Modified: 2023-11-07T03:02:22.190
Link: CVE-2019-10080
Redhat
No data.