The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-11-19T21:32:11
Updated: 2021-06-14T17:20:06
Reserved: 2019-03-26T00:00:00
Link: CVE-2019-10080
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-19T22:15:11.160
Modified: 2023-11-07T03:02:22.190
Link: CVE-2019-10080
JSON object: View
Redhat Information
No data.
CWE