Maven package
org.apache.nifi/nifi-standard-processors
pkg:maven/org.apache.nifi/nifi-standard-processors
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36542 | — | >= 0.0.2, < 1.23.0 | 1.23.0 | Jul 29, 2023 | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Requi | ||
| CVE-2018-1309 | Cri | 9.8 | >= 0.1.0, < 1.6.0 | 1.6.0 | May 23, 2018 | Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users |
- CVE-2023-36542Jul 29, 2023affected >= 0.0.2, < 1.23.0fixed 1.23.0
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Requi
- affected >= 0.1.0, < 1.6.0fixed 1.6.0
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users