Nifi@1.0.1 Security Vulnerabilities and Issues — Nifi@1.0.1 CVE List

Lucene search

ApacheNifi1.0.1

3 matches found

CVE•added 2017/10/10 6:29 p.m.•61 views

CVE-2017-12623

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appr...

6.5CVSS6.5AI score0.00506EPSS

CVE•added 2017/06/12 4:29 p.m.•57 views

CVE-2017-7667

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

7.5CVSS7.4AI score0.00397EPSS

CVE•added 2017/06/12 4:29 p.m.•48 views

CVE-2017-7665

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

6.1CVSS6AI score0.0106EPSS