28 matches found
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
EUVD-2021-19906
Malware in sbrugna...
EUVD-2023-45697
Malicious code in bioql PyPI...
CVE-2023-41180
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
org.apache.nifi.minifi:minifi-assembly (>=2.0.0-M1 <=2.0.0-M4), org.apache.nifi.minifi:minifi-c2-assembly (=2.0.0-M1) +26 more potentially affected by CVE-2024-52067 via org.apache.nifi:nifi-framework-core (>=2.0.0-M1 <=2.0.0-M4)
org.apache.nifi:nifi-framework-core MAVEN version =2.0.0-M1, =2.0.0-M1, =2.0.0-M2, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M3, =2.0.0-M3, =2.0.0-M3, =2.0.0-M3, =2.0.0-M3, =2.0.0-M3, =2.0.0-M4 and more Source cves: CVE-2024-52067 Source advisory: OSV:GHSA-V3VC-6QCV-4VRX...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.28.0), org.apache.nifi.minifi:minifi-c2-assembly (>=1.22.0 <=1.28.0) +22 more potentially affected by CVE-2024-52067 via org.apache.nifi:nifi-framework-core (>=1.16.0 <=1.28.0)
org.apache.nifi:nifi-framework-core MAVEN version =1.16.0, =1.22.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2024-52067 Source advisory: OSV:GHSA-V3VC-6QCV-4VRX...
Default credentials
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
CVE-2023-41180 Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
CVE-2023-41180
CVE-2023-41180 affects Apache NiFi MiNiFi C++: InvokeHTTP in versions 0.13 to 0.14 has incorrect certificate validation, allowing an intermediary to present a forged certificate during TLS handshake because the Disable Peer Verification setting was effectively flipped, disabling verification by d...
PT-2023-6523 · Apache · Apache Nifi Minifi C++
Name of the Vulnerable Software and Affected Versions: Apache NiFi MiNiFi C++ versions 0.13 through 0.14 Description: The issue is related to incorrect certificate validation in the InvokeHTTP component, allowing an intermediary to present a forged certificate during TLS handshake negotiation. Th...
Apache NiFi Trust Management Issues Vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A trust management issue vulnerability exists in Apache NiFi MiNiFi C++ versions 0.13 through 0.14, which stems from...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-record-serialization-services-nar (>=1.10.0 <=1.22.0) +6 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-record-serialization-services (>=1.10.0 <=1.22.0)
org.apache.nifi:nifi-record-serialization-services MAVEN version =1.10.0, =1.10.0, =0.2.2, =0.2.2, =0.2.2, =0.2.2, =0.2.3 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.22.0) +7 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-standard-processors (>=0.1.0-incubating <=1.22.0)
org.apache.nifi:nifi-standard-processors MAVEN version =0.1.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.1.0-incubating, =1.15.0, =1.14.0, =1.22.0 - org.apache.plc4x:plc4j-nifi-plc4x-nar =0.10.0 - org.apache.plc4x:plc4j-nifi-plc4x-processors =0.10.0 Source cves: CVE-2023-36542 Source...
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.22.0) +1 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.22.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1) +8 more potentially affected by CVE-2018-1309 via org.apache.nifi:nifi-standard-processors (>=0.2.0-incubating <=1.28.1)
org.apache.nifi:nifi-standard-processors MAVEN version =0.2.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.2.0-incubating, =1.24.0, =1.15.0, =1.14.0, =0.10.0, =0.10.0, =0.12.0 Source cves: CVE-2018-1309 Source advisory: OSV:GHSA-42WX-65G4-5CXV...
com.srotya.tau:nifi-lmm-interceptor (>=0.0.5 <=0.0.8), io.dstream.nifi:dstream-nifi (=1.0.0.M2) +248 more potentially affected by CVE-2020-1942 via org.apache.nifi:nifi-security-utils (>=0.0.2-incubating <=1.11.4)
org.apache.nifi:nifi-security-utils MAVEN version =0.0.2-incubating, =0.0.5, =0.0.20, =2.27.2, =0.0.0, =3.1.0-35emr770 - org.apache.nifi.minifi:minifi-bootstrap =0.0.1 - org.apache.nifi.minifi:minifi-framework-core =0.0.1 - org.apache.nifi.minifi:minifi-framework-nar =0.0.1 -...