Improper Neutralization of Input in Advanced User Interface for Jolt

🗓️ 28 Nov 2023 00:30:33Reported by GitHub Advisory DatabaseType

github

github🔗 github.com👁 25 Views

Improper Input Neutralization in Apache NiFi JoltTransformJSON U

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-49145	17 Dec 202310:42	–	circl
CNNVD	Apache NiFi 跨站脚本漏洞	27 Nov 202300:00	–	cnnvd
CNVD	Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)	30 Nov 202300:00	–	cnvd
CVE	CVE-2023-49145	27 Nov 202322:14	–	cve
Cvelist	CVE-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt	27 Nov 202322:14	–	cvelist
EUVD	EUVD-2023-2896	3 Oct 202520:07	–	euvd
NVD	CVE-2023-49145	27 Nov 202323:15	–	nvd
OSV	BIT-NIFI-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt	12 Sep 202511:47	–	osv
OSV	CVE-2023-49145	27 Nov 202323:15	–	osv
OSV	GHSA-68PR-6FJC-WMGM Improper Neutralization of Input in Advanced User Interface for Jolt	28 Nov 202300:30	–	osv

Vulners

Node

org.apache.nifi nifi-jolt-transform-json-uiRange<1.24.0maven

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-49145
lists	www.lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
nifi	www.nifi.apache.org/security.html
github	www.github.com/apache/nifi/pull/8060
github	www.github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
issues	www.issues.apache.org/jira/browse/NIFI-12403
openwall	www.openwall.com/lists/oss-security/2023/11/27/5
github	www.github.com/advisories/GHSA-68pr-6fjc-wmgm

28 Nov 2023 20:59Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.4 - 7.9

EPSS0.00293

apache nifi jolttransformjson dom-based cross-site scripting user interface security vulnerability javascript execution authentication authorization upgrade mitigation