Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-1309
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users...
Apache Nifi
445
VMScore
CVE-2018-1310
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache Ni...
Apache Nifi
312
VMScore
CVE-2017-15703
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4....
Apache Nifi
668
VMScore
CVE-2017-15697
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade t...
Apache Nifi
445
VMScore
CVE-2017-12632
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to...
Apache Nifi
312
VMScore
CVE-2016-8748
In Apache NiFi prior to 1.0.1 and 1.1.x prior to 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
Apache Nifi 1.1.0
Apache Nifi
445
VMScore
CVE-2017-5635
In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Apache Nifi 0.7.1
Apache Nifi 0.7.0
Apache Nifi 1.1.1
Apache Nifi 1.1.0
668
VMScore
CVE-2017-5636
In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request t...
Apache Nifi 0.7.0
Apache Nifi 1.1.1
Apache Nifi 0.7.1
Apache Nifi 1.1.0
356
VMScore
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.3.0
Apache Nifi 1.0.0
Apache Nifi 1.0.1
Apache Nifi 1.1.1
Apache Nifi 1.1.0
383
VMScore
CVE-2017-7665
In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »