CVE-2021-44145
published 2021-12-17CVE-2021-44145: In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| apache | nifi | >= 0.1.0 < 1.15.1 | 1.15.1 |
| apache_software_foundation | apache_nifi | Apache NiFi – 1.15.0 | — |