cvedb.io
CVE-2017-12623
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2017-10-10T18:29:00.197 · Last modified 2026-06-17T01:03:39.140

Summary

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Affected products

apache — nifi

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.