nifi-web-api is vulnerable to denial of service attacks. The vulnerability exists because there is a flaw in OkHttpReplicationClient.java
which leads to missing content-Length check for DELETE requests and non-zero Content-Length header values when a client request to a cluster node was replicated to other nodes in the cluster for verification.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-framework-cluster | le | 1.6.0 | |
nifi-framework-cluster | le | 1.7.1 |