Maven/org.apache.nifi:nifi — 21 CVEs

CRITICAL9.8CVE-2017-5636Injection in Apache NiFi

from 0, < 0.7.2

CRITICAL9.8CVE-2017-15697Apache NiFi XSS issue in context path handling

>= 1.0.0, < 1.5.0

HIGH8.8CVE-2022-33140Code injection in Apache NiFi and NiFi Registry

>= 1.10.0, < 1.16.3

HIGH7.5Origin Validation Error in Apache NiFi

from 0, < 0.7.4

HIGH7.5Apache NiFi host header poisoning issue

>= 1.0.0, < 1.5.0

HIGH7.5Apache NiFi JMS Deserialization issue

from 0, < 1.6.0

HIGH7.5Improper Authentication In Apache NiFi

from 0, < 0.7.2

HIGH7.5Multiple components in Apache NiFi do not restrict XML External Entity references

>= 0.0.1, < 1.16.1

HIGH7.5Inadequate Encryption Strength in Apache NiFi

>= 1.2.0, < 1.12.0-RC1

HIGH7.5Missing Authentication for Critical Function in Apache NiFi

>= 1.0.0, < 1.12.0-RC1

HIGH7.5Cleartext Transmission of Sensitive Information in Apache nifi

>= 1.0.0, < 1.8.0

MEDIUM6.5XML External Entity Reference in Apache NiFi

>= 1.0.0, < 1.4.0

MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi

from 0, < 1.15.1

MEDIUM6.5Apache NiFi information disclosure by XXE

>= 1.3.0, < 1.10.0

MEDIUM6.5Improper Restriction of Rendered UI Layers or Frames in Apache nifif

>= 1.0.0, < 1.8.0

MEDIUM6.1Cross-site Scripting in Apache NiFi

from 0, < 0.7.4

MEDIUM6.1Cross-site scripting in Apache NiFi

>= 1.0.0, < 1.11.0

MEDIUM6.1Cross site scripting in org.apache.nifi:nifi

>= 1.0.0, < 1.8.0

MEDIUM5.5Improper Restriction of XML External Entity Reference in Apache NiFi

>= 1.0.0, < 1.12.0-RC1

MEDIUM5.4Cross-site Scripting in Apache NiFi

from 0, < 1.0.1

MEDIUM5.3Apache NiFi process group information disclosure

>= 1.3.0, < 1.10.0

pkg:Maven/org.apache.nifi:nifi