Lucene search
K

4 matches found

Circl
Circl
added 2022/06/15 6:26 p.m.25 views

CVE-2022-33140

creationtimestamp| type| source ---|---|--- 2022-06-15 18:26:47+00:00| seen| https://t.me/cibsecurity/44539 2024-01-28 03:26:30+00:00| seen| https://t.me/arpsyndicate/3183 2025-08-19 21:02:28+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzzl7b2m...

8.8CVSS8.1AI score0.03674EPSS
Exploits0References3
NVD
NVD
added 2022/06/15 3:15 p.m.43 views

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS0.03674EPSS
Exploits0References2
CVE
CVE
added 2022/06/15 2:25 p.m.109 views

CVE-2022-33140

The Red Hat, CIRCL, OSV, and other connected feeds confirm CVE-2022-33140 affects Apache NiFi (1.10.0–1.16.2) and Apache NiFi Registry (0.6.0–1.16.2). The root cause is that the optional ShellUserGroupProvider does not neutralize arguments for group resolution commands, allowing command injection...

8.8CVSS8.9AI score0.03674EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/06/15 2:25 p.m.47 views

CVE-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

9.1AI score0.03674EPSS
Exploits0References2
Rows per page
Query Builder