Nifi Security Vulnerabilities and Issues — Nifi CVE List

Lucene search

ApacheNifi

3 matches found

CVE•added 2021/02/26 10:15 p.m.•297 views

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those qual...

5.3CVSS5.2AI score0.26008EPSS

CVE•added 2021/01/19 5:15 p.m.•237 views

CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.3CVSS7.6AI score0.00469EPSS

CVE•added 2021/12/17 9:15 a.m.•70 views

CVE-2021-44145

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

6.5CVSS6.3AI score0.00166EPSS