This is an automated email from the ASF dual-hosted git repository.

alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/master by this push:
     new f934c5a  Corrected credit for security vulnerability discovery.
f934c5a is described below

commit f934c5accaa6ef0a2cb8bfae60ec3e32662485ab
Author: Andy LoPresto <alopre...@apache.org>
AuthorDate: Thu Nov 14 09:22:09 2019 +0900

    Corrected credit for security vulnerability discovery.
---
 src/pages/html/security.hbs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index 24dd684..eb74c72 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -58,7 +58,7 @@ title: Apache NiFi Security Reports
 </div>
 <div class="row" style="background-color: aliceblue">
     <div class="large-12 columns">
-        <p><a id="CVE-2019-10080" 
href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi 
information disclosure by XXE </p>
+        <p><a id="CVE-2019-10080" 
href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi 
information disclosure by XXE</p>
         <p>Severity: <strong>Low</strong></p>
         <p>Versions Affected:</p>
         <ul>
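Review bot: The only change in this hunk is the removal of the trailing space before </p> on the CVE-2019-10080 title line, which the commit message ("Corrected credit for security vulnerability discovery.") does not cover. Mention the whitespace cleanup in the message or move it to its own commit, so the history of this advisory entry shows the credit correction by itself. If the cleanup stays, apply it consistently: the Description, Mitigation and Credit paragraphs in the following hunk still end with a space before </p>.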
@@ -67,7 +67,7 @@ title: Apache NiFi Security Reports
         </p>
         <p>Description: The XMLFileLookupService allowed trusted users to 
inadvertently configure a potentially malicious XML file. The XML file has the 
ability to make external calls to services (via XXE) and reveal information 
such as the versions of Java, Jersey, and Apache that the NiFI instance uses. 
</p>
         <p>Mitigation: A validator to ensure the XML file is not malicious was 
applied on the Apache NiFi 1.10.0 release. Users running a prior 1.x release 
should upgrade to the appropriate release. </p>
-        <p>Credit: This issue was discovered by Shuibo Ye. </p>
+        <p>Credit: This issue was discovered by RunningSnail. </p>
         <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10080"; 
target="_blank">Mitre Database: CVE-2019-10080</a></p>
         <p>NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-6301"; 
target="_blank">NIFI-6301</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/3507"; 
target="_blank">PR 3507</a></p>
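Review bot: The Credit line replaces "Shuibo Ye" with "RunningSnail", but the commit message does not say where the correction came from. For a published security advisory, reference the source of the request in the commit message (for example the reporter's message or the Jira issue already linked here, NIFI-6301) so the attribution change can be audited later. While this entry is being edited, note that the Description context line spells the product "NiFI"; it should read "NiFi".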
