Search for packages
Package details: pkg:maven/org.apache.nifi.registry/nifi-registry-web-api@0.7.0
purl pkg:maven/org.apache.nifi.registry/nifi-registry-web-api@0.7.0
Next non-vulnerable version 1.16.3
Latest non-vulnerable version 1.16.3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-n1sh-68hr-aaae
Aliases:
CVE-2022-33140
GHSA-77hf-23pq-2g7c
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
1.16.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-gn4r-d2p4-aaap Insufficient Session Expiration in Apache NiFi Registry CVE-2020-9482
GHSA-rcwj-2hj2-vmjj

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T15:57:21.543400+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 36.1.3
2025-06-20T15:57:21.503931+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 36.1.3
2025-06-20T14:37:22.366435+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 36.1.3
2025-06-20T14:37:21.321265+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 36.1.3
2025-06-03T22:38:04.296185+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 36.1.0
2025-06-03T22:38:04.261174+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 36.1.0
2025-06-03T21:21:13.291529+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 36.1.0
2025-06-03T21:21:12.394798+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 36.1.0
2025-06-02T22:26:39.206596+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 36.1.2
2025-06-02T22:26:39.168441+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 36.1.2
2025-06-02T21:02:49.053419+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 36.1.2
2025-06-02T21:02:47.903023+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 36.1.2
2025-04-03T20:04:44.261806+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 36.0.0
2025-04-03T20:04:44.149292+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 36.0.0
2025-04-03T17:36:20.055087+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 36.0.0
2025-04-03T17:36:17.252673+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 36.0.0
2025-02-18T00:43:07.807958+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 35.1.0
2025-02-18T00:43:07.705198+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 35.1.0
2025-02-17T23:58:59.677548+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 35.1.0
2025-02-17T23:58:59.597130+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 35.1.0
2024-11-20T23:18:20.927126+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 35.0.0
2024-11-20T22:57:37.317580+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 35.0.0
2024-11-18T23:05:50.095772+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.3.2
2024-11-18T22:44:22.763233+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.3.2
2024-10-15T18:41:54.621267+00:00 GithubOSV Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rcwj-2hj2-vmjj/GHSA-rcwj-2hj2-vmjj.json 34.0.2
2024-10-08T00:05:07.313827+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.0.2
2024-10-07T23:44:31.353723+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.0.2
2024-10-07T18:50:51.395252+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/advisories/GHSA-rcwj-2hj2-vmjj 34.0.2
2024-09-23T00:18:41.237958+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.0.1
2024-09-22T23:58:54.950145+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.0.1
2024-09-18T09:06:55.374289+00:00 GithubOSV Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rcwj-2hj2-vmjj/GHSA-rcwj-2hj2-vmjj.json 34.0.1
2024-09-17T22:02:16.460786+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/advisories/GHSA-rcwj-2hj2-vmjj 34.0.1
2024-04-24T02:29:55.266612+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.0.0rc4
2024-04-24T02:29:55.114088+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 34.0.0rc4
2024-04-24T02:00:08.095177+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.0.0rc4
2024-04-24T02:00:07.982967+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc4
2024-04-23T23:03:06.569675+00:00 GithubOSV Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rcwj-2hj2-vmjj/GHSA-rcwj-2hj2-vmjj.json 34.0.0rc4
2024-04-23T20:44:46.472992+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc4
2024-04-23T20:44:46.246724+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/advisories/GHSA-rcwj-2hj2-vmjj 34.0.0rc4
2024-01-10T05:04:58.701930+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.0.0rc2
2024-01-10T05:04:58.570874+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 34.0.0rc2
2024-01-10T04:32:53.524864+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.0.0rc2
2024-01-10T04:32:53.416518+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc2
2024-01-09T22:38:50.221577+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc2
2024-01-09T22:38:49.967991+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/advisories/GHSA-rcwj-2hj2-vmjj 34.0.0rc2
2024-01-03T21:52:41.073661+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2022-33140.yml 34.0.0rc1
2024-01-03T21:52:40.938713+00:00 GitLab Importer Affected by VCID-n1sh-68hr-aaae None 34.0.0rc1
2024-01-03T21:19:43.221008+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.nifi.registry/nifi-registry-web-api/CVE-2020-9482.yml 34.0.0rc1
2024-01-03T21:19:43.117056+00:00 GitLab Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc1
2024-01-03T17:37:09.086196+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap https://github.com/advisories/GHSA-rcwj-2hj2-vmjj 34.0.0rc1
2024-01-03T17:11:13.090901+00:00 GHSA Importer Fixing VCID-gn4r-d2p4-aaap None 34.0.0rc1