In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2021-12-17T08:50:09
Updated: 2024-08-04T04:17:24.439Z
Reserved: 2021-11-22T00:00:00
Link: CVE-2021-44145
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-12-17T09:15:07.117
Modified: 2021-12-29T20:38:44.593
Link: CVE-2021-44145
Redhat
No data.