Date: Thu, 16 Dec 2021 19:01:33 -0500 From: Nathan Gough <thenatog@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2021-44145: Apache NiFi information disclosure by XXE Severity: Low Description: In the TransformXML processor an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. This issue is being tracked as NIFI-9399 Credit: This issue was discovered by DangKhai at Viettel Cyber Security. References: https://nifi.apache.org/security.html#1.15.1-vulnerabilities
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.