CVE-2021-44145

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.apache.nifi/nifi

Identifiers

CVE-2021-44145

Package Slug

maven/org.apache.nifi/nifi

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

Affected Versions

All versions starting from 0.1.0 before 1.15.1

Solution

Upgrade to version 1.15.1 or above.

Last Modified

2022-01-04

source