|Package Slug|| |
Improper Restriction of XML External Entity Reference
In Apache NiFi, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).
|Affected Versions|| |
All versions starting from 1.0.0 up to 1.11.4
Upgrade to version 1.12.0 or above.
|Last Modified|| |