Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi 1.3.0 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.3.0
Apache Nifi 1.0.0
Apache Nifi 1.0.1
Apache Nifi 1.1.1
Apache Nifi 1.1.0
445
VMScore
CVE-2017-7667
Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
383
VMScore
CVE-2017-7665
In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
356
VMScore
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A...
Apache Nifi
445
VMScore
CVE-2019-10083
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had rea...
Apache Nifi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started