nifi-framework-core is vulnerable to Java deserialization. An authenticated user who has a valid client certificate can upload a template containing malicious code to cause a denial of service (DoS) conditions and potentially perform other attacks.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-framework-core | le | 1.3.0 |