CVE-2020-9487
CVE-2020-9487 affects Apache NiFi 1.0.0–1.11.4. The NiFi download token mechanism used a fixed cache size and did not authenticate a request to create a download token, only when the token was used to access content. This allowed an unauthenticated user to repeatedly request download tokens, caus...