Home

CVE-2021-44145

Description

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.315

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-44145 are fixed in Apache-nifi-api 1.15.1Windows
Vulnerabilities CVE-2021-44145 are fixed in Apache-Nifi-api for Linux 1.15.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234