4 matches found
CVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the GetAsanaObject processor, which uses generic Java object serialization and deserialization without filtering. An attacker can execute arbitrary code by supplying crafted serialized objects to th...
CVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...
CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...