CVE-2017-12623 is a vulnerability in Apache NiFi
Published on October 10, 2017

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

NVD

Products Associated with CVE-2017-12623

Want to know whenever a new CVE is published for Apache NiFi? stack.watch will email you.

Apache NiFi

Affected Versions

Apache Software Foundation Apache NiFi Version 1.0.0 to 1.3.0 is affected by CVE-2017-12623

Exploit Probability

EPSS

0.30%

Percentile

52.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-12623 is a vulnerability in Apache NiFiPublished on October 10, 2017

Products Associated with CVE-2017-12623

Affected Versions

Exploit Probability

CVE-2017-12623 is a vulnerability in Apache NiFi
Published on October 10, 2017