nifi-commons is vulnerable to remote code execution (RCE) attacks. Attackers can use a X-ProxyContextPath
or X-Forwarded-Context
header to send and execute malicious code.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-commons | le | 1.4.0 | |
nifi-jetty | le | 1.4.0 | |
nifi-websocket-services-jetty | le | 1.4.0 | |
nifi-standard-processors | le | 1.4.0 | |
nifi-web-utils | le | 1.4.0 | |
nifi-properties | le | 1.4.0 |