3 matches found
org.apache.nifi:nifi-kafka-connector-tests (>=1.14.0 <=1.23.2), org.apache.nifi:nifi-standard-nar (>=1.14.0 <=1.15.3) +4 more potentially affected by CVE-2023-49145 via org.apache.nifi:nifi-jolt-transform-json-ui (>=1.14.0 <=1.23.2)
org.apache.nifi:nifi-jolt-transform-json-ui MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.15.0, =1.14.0, =1.23.2 - org.apache.plc4x:plc4j-nifi-plc4x-nar =0.10.0 - org.apache.plc4x:plc4j-nifi-plc4x-processors =0.10.0 Source cves: CVE-2023-49145 Source advisory: OSV:GHSA-68PR-6FJC-WMGM...
CVE-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...
CVE-2023-49145
Apache NiFi