Nifi@1.1.1 Security Vulnerabilities and Issues — Nifi@1.1.1 CVE List

Lucene search

ApacheNifi1.1.1

5 matches found

CVE•added 2017/10/10 6:29 p.m.•61 views

CVE-2017-12623

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appr...

6.5CVSS6.5AI score0.00506EPSS

CVE•added 2017/10/19 8:29 p.m.•61 views

CVE-2017-5636

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.

9.8CVSS9.5AI score0.01041EPSS

CVE•added 2017/06/12 4:29 p.m.•57 views

CVE-2017-7667

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

7.5CVSS7.4AI score0.00397EPSS

CVE•added 2017/10/19 8:29 p.m.•52 views

CVE-2017-5635

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

7.5CVSS7.4AI score0.01131EPSS

CVE•added 2017/06/12 4:29 p.m.•48 views

CVE-2017-7665

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

6.1CVSS6AI score0.0106EPSS