13 matches found
GHSA-8V8J-3HXP-93WR vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
CVE-2026-39816
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
CVE-2026-41409 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-nifi, jenkins, apache-hop-fips...
GHSA-MGVC-8Q2H-5PGC vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
GHSA-6R3C-XF4W-JXJM vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins, apache-nifi-registry, thingsboard...
Apache NiFi Security Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.13.0 through 2.2.0, which stems from the possibility that...
GHSA-V3VC-6QCV-4VRX Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
GHSA-6V67-2WR5-GVF4 vulnerabilities
Vulnerabilities for packages: trino, dependency-track, kserve-modelmesh, sonarqube-10, tez, thingsboard, akhq, cassandra-reaper, sonarqube, sonar-scanner-cli, cassandra, apache-nifi, management-api-for-apache-cassandra-5.0...
VulnCheck KEV: CVE-2023-36542
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission...
Apache NiFi Code Injection Vulnerability
Apache NiFi is an open source tool for building reliable and secure data pipelines. It supports collecting, aggregating and transferring data from a variety of sources and provides powerful data processing and transformation capabilities. A remote code execution vulnerability exists in Apache NiF...
Apache NiFi Information Disclosure Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi's TransformXML, which stems from a vulnerability in Apache NiFi's...
Apache NiFi Cross-Frame Scripting Vulnerability
Apache NiFi is a data-flow based data processing and distribution system of the Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A security vulnerability exists in Apache NiFi versions...