First published: Fri Dec 17 2021
In the TransformXML processor of Apache NiFi before 1.15.1, an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache NiFi | >=0.1.0 <1.15.1 | |
CVE-2021-44145 is a vulnerability in the TransformXML processor of Apache NiFi before version 1.15.1.
The severity of CVE-2021-44145 is medium, with a CVSS score of 6.5.
An authenticated user could configure an XSLT file in the TransformXML processor, which, if it included malicious external entity calls, may reveal sensitive information.
CVE-2021-44145 affects Apache NiFi versions before 1.15.1.
To mitigate the vulnerability, update Apache NiFi to version 1.15.1 or later.