EUVD-2023-1709
Malicious code in bioql PyPI...
CVE-2023-34212
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...
Deserialization Of Untrusted Data
nifi-jms-processors is vulnerable to Deserialization of Untrusted Data. The vulnerability exists due to improper URL validation in JndiJmsConnectionFactoryProvider of JndiJmsConnectionFactoryProperties.java; if an attacker has access to the provider URL and library property configuration, they ca...
CVE-2023-34212
Affected software: Apache NiFi (versions 1.8.0–1.21.0). Vulnerability: The JndiJmsConnectionFactoryProvider Controller Service, with ConsumeJMS and PublishJMS Processors, allows an authenticated/authorized user to configure URL and library properties that enable deserialization of untrusted data ...