Maven package
org.apache.nifi/nifi-security
pkg:maven/org.apache.nifi/nifi-security
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10080 | — | >= 1.3.0, < 1.10.0 | 1.10.0 | Nov 19, 2019 | The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A |
- CVE-2019-10080Nov 19, 2019affected >= 1.3.0, < 1.10.0fixed 1.10.0
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A