Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi 1.2.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-7665
In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
445
VMScore
CVE-2017-7667
Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
356
VMScore
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.3.0
Apache Nifi 1.0.0
Apache Nifi 1.0.1
Apache Nifi 1.1.1
Apache Nifi 1.1.0
446
VMScore
CVE-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and ...
Apache Nifi
NA
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 up to and including 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarat...
Apache Nifi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started