Apache · Apache NiFi · CVE-2017-12623
**Name of the Vulnerable Software and Affected Versions**
Apache NiFi versions prior to 1.4.0
**Description**
The issue allows an authorized user to upload a template containing malicious code, which can then access sensitive files via an XML External Entity (XXE) attack. This occurs due to improper handling of XML External Entities.
**Recommendations**
For Apache NiFi versions prior to 1.4.0, upgrade to Apache NiFi 1.4.0 or a later version to properly handle XML External Entities and prevent XXE attacks.
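
One way to screen template files for the DOCTYPE and entity declarations that an XXE attack depends on before they are uploaded, shown as an added example (not NiFi's own code or its fix). The function names and both sample templates are constructed for illustration, and the `<template>` layout is an assumption.

```python
import xml.parsers.expat

# Constructed sample inputs (not taken from any real NiFi flow).
CLEAN_TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<template encoding-version="1.1"><name>example-flow</name><snippet/></template>"""

DTD_TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE template [ <!ENTITY ext SYSTEM "file:///constructed/placeholder"> ]>
<template encoding-version="1.1"><name>&ext;</name><snippet/></template>"""


def screen_template(xml_bytes):
    """Return (kind, name, system_id) findings; an empty list means no DTD constructs."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()
    # expat never fetches external entities itself; this also keeps it from
    # asking for external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # Malformed XML is rejected too rather than passed on.
        findings.append(("parse-error", str(exc), None))
    return findings


def is_safe_to_upload(xml_bytes):
    """A template is accepted only if it parses and declares no DOCTYPE or entities."""
    return not screen_template(xml_bytes)


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_TEMPLATE), ("dtd", DTD_TEMPLATE)):
        print(label, is_safe_to_upload(doc), screen_template(doc))
```

A template has no legitimate need for a DOCTYPE in this model, so any finding is treated as a rejection rather than a warning.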