Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi 1.2.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-7665
In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
7.5
CVSSv3
CVE-2017-7667
Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
6.5
CVSSv3
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.3.0
Apache Nifi 1.0.0
Apache Nifi 1.0.1
Apache Nifi 1.1.1
Apache Nifi 1.1.0
7.5
CVSSv3
CVE-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and ...
Apache Nifi
7.5
CVSSv3
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 up to and including 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarat...
Apache Nifi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started