6 matches found
EUVD-2019-0720
Malware in sbrugna...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity XXE attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the...
Xxe
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity XXE attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the...
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity XXE attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the...