apache-nifi is vulnerable to XML External Entities (XXE) attacks. The library does not properly handle XML template files, allowing a malicious user to inject external entities that can lead to sensitive information being displayed.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-framework-core | le | 1.3.0 |