Lucene search
K

4 matches found

OSV
OSV
added 2025/09/12 11:46 a.m.5 views

BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS7.6AI score0.03674EPSS
Exploits0References3
OSV
OSV
added 2025/09/12 11:46 a.m.4 views

BIT-NIFI-2020-13940

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...

5.5CVSS6.9AI score0.01911EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/15 3:15 p.m.4 views

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS5.9AI score0.03674EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2020/10/02 5:21 a.m.30 views

XML External Entity (XXE)

nifi-framework-api is vulnerable to XML external entity XXE attack. An attacker is able to submit requests on behalf of the server via an XXE attack as the notification service manager and various policy authorizer and user group provider objects allow trusted administrators to inadvertently...

5.5CVSS5.2AI score0.01911EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder