Any authenticated user could upload a template containing malicious code causing a denial of service via Java deserialization attack. Fix applied on Apache NiFi 1.4.0 release. Users running prior 1.x release should upgrade
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
OSV | Denial of service via deserialization attack in nifi | 25 Oct 201919:42 | – | osv |
OSV | CVE-2017-15703 | 25 Jan 201821:29 | – | osv |
Veracode | Java Deserialization | 26 Jan 201804:42 | – | veracode |
Github Security Blog | Denial of service via deserialization attack in nifi | 25 Oct 201919:42 | – | github |
CVE | CVE-2017-15703 | 25 Jan 201821:29 | – | cve |
Prion | Deserialization of untrusted data | 25 Jan 201821:29 | – | prion |
NVD | CVE-2017-15703 | 25 Jan 201821:29 | – | nvd |
[
{
"product": "Apache NiFi",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 - 1.3.0"
}
]
}
]
Source | Link |
---|---|
nifi | www.nifi.apache.org/security.html |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo