  1. Apache NiFi
  2. NIFI-11484

Fix CVE-2023-22832: Improper Restriction of XML External Entity References in ExtractCCDAAttributes


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Do
    • Affects Version/s: 1.19.0, 1.19.1
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

    Description

      Backporting the fix from NiFi 1.20.

      References: https://issues.apache.org/jira/browse/NIFI-11029

      The ExtractCCDAAttributes Processor uses a custom CDAUtil class to load and parse the FlowFile InputStream. The CDAUtil class also includes a load method that takes a standard DOM Document. The Processor should be updated to use the standard nifi-xml-processing library for parsing the XML prior to calling CDAUtil.load.

      In addition to implementing standard XML parsing, the ExtractCCDAAttributes Processor should be deprecated for removal because the implementation relies on outdated libraries, and the extensive use of FlowFile attributes does not align with best practices for record-oriented data handling.
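
The parse-then-load approach the description asks for can be sketched as below. This is an added example, not code from the issue or from NiFi: it uses plain JAXP from the JDK as a stand-in for the nifi-xml-processing library, and the class name, method names and both sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class RestrictedCcdaParse {
    // Constructed samples: a minimal CDA-like document, and one carrying a DOCTYPE
    // with an external entity that points at a placeholder path.
    static final String PLAIN =
        "<ClinicalDocument xmlns=\"urn:hl7-org:v3\"><title>Constructed sample</title></ClinicalDocument>";
    static final String WITH_DOCTYPE =
        "<!DOCTYPE ClinicalDocument [<!ENTITY ext SYSTEM \"file:///placeholder\">]>"
        + "<ClinicalDocument xmlns=\"urn:hl7-org:v3\"><title>&ext;</title></ClinicalDocument>";

    // Build a DOM Document with DTDs, external entities and XInclude switched off.
    // Assumes the JDK's built-in JAXP implementation.
    static Document parseRestricted(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE declaration outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the DOCTYPE rule is ever relaxed.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    // True when the restricted parser refuses the input.
    static boolean isRejected(String xml) throws Exception {
        try {
            parseRestricted(xml.getBytes(StandardCharsets.UTF_8));
            return false;
        } catch (SAXException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        Document doc = parseRestricted(PLAIN.getBytes(StandardCharsets.UTF_8));
        // In the processor, this Document is what would be handed to CDAUtil.load.
        System.out.println("root element: " + doc.getDocumentElement().getLocalName());
        System.out.println("doctype rejected: " + isRejected(WITH_DOCTYPE));
    }
}
```

Because the DOCTYPE is refused before any entity is resolved, the unsafe input never reaches the CDA loading step; a processor would route such a FlowFile to its failure relationship.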


            People

              Assignee: Unassigned
              Reporter: Jeyassri Balachandran (shreeju)
              Votes: 0
              Watchers: 3