purl | pkg:maven/org.apache.nifi/nifi@0.6.1 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-41xz-swbp-aaaq Aliases: CVE-2018-1310 GHSA-p76j-5v6v-6c22 | Deserialization of Untrusted Data: Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. | Affected by 19 other vulnerabilities. |
VCID-6st7-u1jz-aaar Aliases: CVE-2020-1942 GHSA-7q8g-gpfp-v8gx | Insertion of Sensitive Information into Log File in Apache NiFi | Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
VCID-71u6-xnca-aaad Aliases: CVE-2017-7667 GHSA-jvx9-rj3w-jq99 | Origin Validation Error: Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin. | Affected by 10 other vulnerabilities. Affected by 25 other vulnerabilities. |
VCID-ask9-ndpt-aaaj Aliases: CVE-2021-44145 GHSA-rq96-qhc5-vm4r | Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi | Affected by 8 other vulnerabilities. |
VCID-c9w7-rcsr-aaar Aliases: CVE-2017-12632 GHSA-w4x6-j349-9r57 | Improper Input Validation: A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | Affected by 21 other vulnerabilities. |
VCID-f4t5-cj5v-aaam Aliases: CVE-2023-34468 GHSA-xm2m-2q6h-22jw | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | Affected by 3 other vulnerabilities. |
VCID-fn6p-rc11-aaag Aliases: CVE-2016-8748 GHSA-g2fm-x3cp-mqw9 | Cross-site Scripting: In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. | Affected by 27 other vulnerabilities. Affected by 26 other vulnerabilities. |
VCID-hmz2-kc5j-aaac Aliases: CVE-2022-29265 GHSA-wc97-7623-rxwx | Multiple components in Apache NiFi do not restrict XML External Entity references | Affected by 6 other vulnerabilities. |
VCID-km42-h6gv-aaas Aliases: CVE-2017-5636 GHSA-jrcc-7jf5-3pxg | Injection Vulnerability: The proxy chain `serialization/deserialization` is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | Affected by 12 other vulnerabilities. Affected by 24 other vulnerabilities. |
VCID-q87t-ahgd-aaam Aliases: CVE-2017-5635 GHSA-jgj9-6v78-6g8m | Improper Authentication: If an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user. | Affected by 12 other vulnerabilities. Affected by 24 other vulnerabilities. |
VCID-ua4c-vbw9-aaaa Aliases: CVE-2023-36542 GHSA-r969-8v3h-23v9 | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. | Affected by 2 other vulnerabilities. |
VCID-uast-v5ac-aaac Aliases: CVE-2018-1309 GHSA-42wx-65g4-5cxv | Improper Restriction of XML External Entity Reference: Apache NiFi External XML Entity issue in `SplitXML` processor. Malicious XML content could cause information disclosure or remote code execution. | Affected by 19 other vulnerabilities. |
VCID-xxgv-nbrd-aaas Aliases: CVE-2017-7665 GHSA-m5r7-w9v3-ghmx | Cross-site Scripting: There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | Affected by 10 other vulnerabilities. Affected by 25 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |