Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.nifi/nifi@1.23.2
purl pkg:maven/org.apache.nifi/nifi@1.23.2
Next non-vulnerable version 1.24.0
Latest non-vulnerable version 1.24.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-hy35-v2p5-2ycq
Aliases:
CVE-2023-49145
GHSA-68pr-6fjc-wmgm
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
1.24.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:44:02.797603+00:00 GitLab Importer Affected by VCID-hy35-v2p5-2ycq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2023-49145.yml 38.4.0
2026-04-12T00:03:39.062136+00:00 GitLab Importer Affected by VCID-hy35-v2p5-2ycq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2023-49145.yml 38.3.0
2026-04-03T00:08:19.787838+00:00 GitLab Importer Affected by VCID-hy35-v2p5-2ycq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi/nifi/CVE-2023-49145.yml 38.1.0