Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nifi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-15697
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade t...
Apache Nifi
5
CVSSv2
CVE-2020-9486
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Apache Nifi
5
CVSSv2
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly reque...
Apache Nifi
4.3
CVSSv2
CVE-2018-17193
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Us...
Apache Nifi
4
CVSSv2
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A...
Apache Nifi
5
CVSSv2
CVE-2019-10083
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had rea...
Apache Nifi
5
CVSSv2
CVE-2017-12632
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to...
Apache Nifi
5
CVSSv2
CVE-2018-1310
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache Ni...
Apache Nifi
NA
CVE-2023-36542
Apache NiFi 0.0.2 up to and including 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces...
Apache Nifi
NA
CVE-2023-34212
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 up to and including 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untruste...
Apache Nifi
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »