Denial of service via deserialization attack in nifi

2019-10-2519:42:50

Google

osv.dev

0.001 Low

EPSS

Percentile

22.9%

JSON

A vulnerability found in Apache NIFI before 1.5.0-RC1. Attacker can perform XXE attacks through JAXB.

CPENameOperatorVersion
org.apache.nifi:nifi-framework-cluster-protocoleq0.4.1
org.apache.nifi:nifi-framework-cluster-protocoleq0.6.0
org.apache.nifi:nifi-framework-cluster-protocoleq0.7.1
org.apache.nifi:nifi-framework-cluster-protocoleq0.2.0-incubating
org.apache.nifi:nifi-framework-cluster-protocoleq1.1.2
org.apache.nifi:nifi-framework-cluster-protocoleq0.7.4
org.apache.nifi:nifi-framework-cluster-protocoleq0.7.0
org.apache.nifi:nifi-framework-cluster-protocoleq1.0.0
org.apache.nifi:nifi-framework-cluster-protocoleq0.2.1
org.apache.nifi:nifi-framework-cluster-protocoleq0.5.0

Name	Operator	Version
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.4.1
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.6.0
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.7.1
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.2.0-incubating
org.apache.nifi:nifi-framework-cluster-protocol	eq	1.1.2
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.7.4
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.7.0
org.apache.nifi:nifi-framework-cluster-protocol	eq	1.0.0
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.2.1
org.apache.nifi:nifi-framework-cluster-protocol	eq	0.5.0