CVE-2021-44145

MEDIUM6.5EPSS 0.32%

Apache NiFi information disclosure by XXE

Published: 1/5/2022Modified: 9/15/2025

Description

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

Affected packages (2)

Bitnami/nifi>= 0.1.0, < 1.15.1
Maven/org.apache.nifi:nififrom 0, < 1.15.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-44145
WEBhttps://nifi.apache.org/security.html#1.15.1-vulnerabilities
WEBhttp://www.openwall.com/lists/oss-security/2021/12/17/1