Posted to commits@nifi.apache.org by al...@apache.org on 2019/11/14 00:22:32 UTC

[nifi-site] branch master updated: Corrected credit for security vulnerability discovery.

This is an automated email from the ASF dual-hosted git repository.

alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/master by this push:
     new f934c5a  Corrected credit for security vulnerability discovery.
f934c5a is described below

commit f934c5accaa6ef0a2cb8bfae60ec3e32662485ab
Author: Andy LoPresto <al...@apache.org>
AuthorDate: Thu Nov 14 09:22:09 2019 +0900

    Corrected credit for security vulnerability discovery.
---
 src/pages/html/security.hbs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index 24dd684..eb74c72 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -58,7 +58,7 @@ title: Apache NiFi Security Reports
 </div>
 <div class="row" style="background-color: aliceblue">
     <div class="large-12 columns">
-        <p><a id="CVE-2019-10080" href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi information disclosure by XXE </p>
+        <p><a id="CVE-2019-10080" href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi information disclosure by XXE</p>
         <p>Severity: <strong>Low</strong></p>
         <p>Versions Affected:</p>
         <ul>
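Review bot: The only change in this hunk is dropping the trailing space before </p> on the CVE-2019-10080 title line, which is a whitespace cleanup unrelated to the credit correction named in the commit message. The same trailing space before </p> is still present on the Description, Mitigation and Credit lines further down, so either apply the cleanup to all of them in a separate formatting commit or leave this line alone to keep the diff limited to the credit fix.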
@@ -67,7 +67,7 @@ title: Apache NiFi Security Reports
         </p>
         <p>Description: The XMLFileLookupService allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses. </p>
         <p>Mitigation: A validator to ensure the XML file is not malicious was applied on the Apache NiFi 1.10.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p>
-        <p>Credit: This issue was discovered by Shuibo Ye. </p>
+        <p>Credit: This issue was discovered by RunningSnail. </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10080" target="_blank">Mitre Database: CVE-2019-10080</a></p>
         <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-6301" target="_blank">NIFI-6301</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/3507" target="_blank">PR 3507</a></p>
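Review bot: The new Credit line replaces the name "Shuibo Ye" with "RunningSnail", but the commit message says only "Corrected credit" and gives no pointer to where the correction came from. Add a short reference in the commit body (for example, that the reporter requested the change) so the attribution on a published security advisory can be traced later. While this block is being edited, the Description line in the context above spells the product "NiFI"; it should read "NiFi".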