4 matches found
CVE-2022-33140
creationtimestamp| type| source ---|---|--- 2022-06-15 18:26:47+00:00| seen| https://t.me/cibsecurity/44539 2024-01-28 03:26:30+00:00| seen| https://t.me/arpsyndicate/3183 2025-08-19 21:02:28+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzzl7b2m...
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
CVE-2022-33140
The Red Hat, CIRCL, OSV, and other connected feeds confirm CVE-2022-33140 affects Apache NiFi (1.10.0–1.16.2) and Apache NiFi Registry (0.6.0–1.16.2). The root cause is that the optional ShellUserGroupProvider does not neutralize arguments for group resolution commands, allowing command injection...
CVE-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...