CVE-2019-10080
Published: Nov 19, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFi instance uses.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache NiFi | affected Apache NiFi 1.3.0 to 1.9.2 |
References
[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html (mailing-list, x_refsource_MLIST)
https://www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
https://nifi.apache.org/security.html#CVE-2019-10080 (x_refsource_CONFIRM)