5 matches found
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.22.0) +1 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.22.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi:nifi-jms-processors-nar (>=0.6.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-jms-processors (>=0.6.0 <=1.22.0)
org.apache.nifi:nifi-jms-processors MAVEN version =0.6.0, =0.6.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi:nifi-hadoop-dbcp-service-nar (>=1.12.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hadoop-dbcp-service (>=1.12.0 <=1.22.0)
org.apache.nifi:nifi-hadoop-dbcp-service MAVEN version =1.12.0, =1.12.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
CVE-2023-36542
Summary of CVE-2023-36542 (Apache NiFi) : NiFi versions 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which can enable a privileged user to configure a location that allows custom code execution. The root cause involves re...
CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...