Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-7665
In Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
445
VMScore
CVE-2017-7667
Apache NiFi prior to 0.7.4 and 1.x prior to 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
Apache Nifi 1.1.0
Apache Nifi 1.1.1
Apache Nifi 1.0.0
Apache Nifi
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.0.1
356
VMScore
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should ...
Apache Nifi 1.1.2
Apache Nifi 1.2.0
Apache Nifi 1.3.0
Apache Nifi 1.0.0
Apache Nifi 1.0.1
Apache Nifi 1.1.1
Apache Nifi 1.1.0
445
VMScore
CVE-2017-5635
In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Apache Nifi 0.7.1
Apache Nifi 0.7.0
Apache Nifi 1.1.1
Apache Nifi 1.1.0
668
VMScore
CVE-2017-5636
In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request t...
Apache Nifi 0.7.0
Apache Nifi 1.1.1
Apache Nifi 0.7.1
Apache Nifi 1.1.0
312
VMScore
CVE-2016-8748
In Apache NiFi prior to 1.0.1 and 1.1.x prior to 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
Apache Nifi 1.1.0
Apache Nifi
534
VMScore
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is no...
Apache Nifi Registry
Apache Nifi
NA
CVE-2023-36542
Apache NiFi 0.0.2 up to and including 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces...
Apache Nifi
445
VMScore
CVE-2020-9486
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Apache Nifi
445
VMScore
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly reque...
Apache Nifi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »