VulnerableCode Package Details - pkg:maven/org.apache.nifi/nifi@0.0.1-incubating

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.nifi/nifi@0.0.1-incubating

Essentials
History (24)

purl	pkg:maven/org.apache.nifi/nifi@0.0.1-incubating

Next non-vulnerable version	1.24.0
Latest non-vulnerable version	1.24.0
Risk	4.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-4fnm-bxv8-vqhz Aliases: CVE-2016-8748 GHSA-g2fm-x3cp-mqw9	Cross-site Scripting In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.	1.0.1 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.1.1 Affected by 20 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bpqd-tx8f-kycf Aliases: CVE-2022-29265 GHSA-wc97-7623-rxwx	Improper Restriction of XML External Entity Reference Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.	1.16.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j263-1hyr-t7hn Aliases: CVE-2018-1310 GHSA-p76j-5v6v-6c22	Deserialization of Untrusted Data Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service.	1.6.0 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k1bm-1u7b-vybp Aliases: CVE-2017-12632 GHSA-w4x6-j349-9r57	Improper Input Validation A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.	1.5.0 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r9su-47z6-x7cw Aliases: CVE-2017-7667 GHSA-jvx9-rj3w-jq99	Origin Validation Error Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.	0.7.4 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.0 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tnfn-2kzc-rugx Aliases: CVE-2017-7665 GHSA-m5r7-w9v3-ghmx	Cross-site Scripting There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.	0.7.4 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.0 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:45:57.867740+00:00	GitLab Importer	Affected by	VCID-bpqd-tx8f-kycf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2022-29265.yml	38.4.0
2026-04-16T20:43:00.402453+00:00	GitLab Importer	Affected by	VCID-j263-1hyr-t7hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2018-1310.yml	38.4.0
2026-04-16T20:41:19.443864+00:00	GitLab Importer	Affected by	VCID-k1bm-1u7b-vybp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-12632.yml	38.4.0
2026-04-16T20:39:24.272213+00:00	GitLab Importer	Affected by	VCID-4fnm-bxv8-vqhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2016-8748.yml	38.4.0
2026-04-16T20:37:13.118806+00:00	GitLab Importer	Affected by	VCID-r9su-47z6-x7cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7667.yml	38.4.0
2026-04-16T20:37:12.595935+00:00	GitLab Importer	Affected by	VCID-tnfn-2kzc-rugx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7665.yml	38.4.0
2026-04-11T23:01:43.307594+00:00	GitLab Importer	Affected by	VCID-bpqd-tx8f-kycf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2022-29265.yml	38.3.0
2026-04-11T21:53:38.427302+00:00	GitLab Importer	Affected by	VCID-j263-1hyr-t7hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2018-1310.yml	38.3.0
2026-04-11T21:51:54.233853+00:00	GitLab Importer	Affected by	VCID-k1bm-1u7b-vybp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-12632.yml	38.3.0
2026-04-11T21:50:10.058467+00:00	GitLab Importer	Affected by	VCID-4fnm-bxv8-vqhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2016-8748.yml	38.3.0
2026-04-11T21:47:50.600132+00:00	GitLab Importer	Affected by	VCID-r9su-47z6-x7cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7667.yml	38.3.0
2026-04-11T21:47:50.014740+00:00	GitLab Importer	Affected by	VCID-tnfn-2kzc-rugx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7665.yml	38.3.0
2026-04-02T23:10:11.853530+00:00	GitLab Importer	Affected by	VCID-bpqd-tx8f-kycf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2022-29265.yml	38.1.0
2026-04-02T22:07:21.429600+00:00	GitLab Importer	Affected by	VCID-j263-1hyr-t7hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2018-1310.yml	38.1.0
2026-04-02T22:05:41.576296+00:00	GitLab Importer	Affected by	VCID-k1bm-1u7b-vybp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-12632.yml	38.1.0
2026-04-02T22:04:01.127240+00:00	GitLab Importer	Affected by	VCID-4fnm-bxv8-vqhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2016-8748.yml	38.1.0
2026-04-02T22:01:45.280797+00:00	GitLab Importer	Affected by	VCID-r9su-47z6-x7cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7667.yml	38.1.0
2026-04-02T22:01:44.759787+00:00	GitLab Importer	Affected by	VCID-tnfn-2kzc-rugx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7665.yml	38.1.0
2026-04-01T17:29:58.215348+00:00	GitLab Importer	Affected by	VCID-bpqd-tx8f-kycf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2022-29265.yml	38.0.0
2026-04-01T16:24:25.884425+00:00	GitLab Importer	Affected by	VCID-j263-1hyr-t7hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2018-1310.yml	38.0.0
2026-04-01T16:22:39.154989+00:00	GitLab Importer	Affected by	VCID-k1bm-1u7b-vybp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-12632.yml	38.0.0
2026-04-01T16:20:59.740877+00:00	GitLab Importer	Affected by	VCID-4fnm-bxv8-vqhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2016-8748.yml	38.0.0
2026-04-01T16:18:57.771282+00:00	GitLab Importer	Affected by	VCID-r9su-47z6-x7cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7667.yml	38.0.0
2026-04-01T16:18:57.188464+00:00	GitLab Importer	Affected by	VCID-tnfn-2kzc-rugx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2017-7665.yml	38.0.0