Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15703 | 1 Apache | 1 Nifi | 2024-11-21 | 3.5 LOW | 5.0 MEDIUM |
| Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2017-15697 | 1 Apache | 1 Nifi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2017-12632 | 1 Apache | 1 Nifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||