In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Published: 2021-12-17
Description
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
AI Intelligence Brief
AI Intelligence
Analyzing vulnerability vectors…
🛡️CVE Intelligence Platform
Welcome to THREATQUARTERS
Your command center for real-time vulnerability intelligence — built for security professionals who need answers fast.
Search 200,000+ CVEs by ID, keyword, or technology
Instant CVSS scores, severity ratings and exploit / PoC links