pkg:maven/org.apache.nifi/nifi
Type
maven
Namespace
org.apache.nifi
Name
nifi
Known advisories, vulnerabilities and fixes for org.apache.nifi/nifi package.
Critical
2
High
10
Moderate
10
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 1.3.0, < 1.10.0 |
CVE-2019-10083
|
MAVEN:GHSA-26P8-XRJ2-MV53 | Apache NiFi process group information disclosure | moderate |
2019-12-02T18:18:37
(4 years ago) |
|
Fixed | = 1.10.0 |
CVE-2019-10083
|
MAVEN:GHSA-26P8-XRJ2-MV53 | Apache NiFi process group information disclosure | moderate |
2019-12-02T18:18:37
(4 years ago) |
|
Affected | >= 1.0.0, < 1.5.0 |
CVE-2017-15697
|
MAVEN:GHSA-29PH-FJF3-C5CM | Apache NiFi XSS issue in context path handling | critical |
2022-05-14T03:45:22
(2 years ago) |
|
Fixed | = 1.5.0 |
CVE-2017-15697
|
MAVEN:GHSA-29PH-FJF3-C5CM | Apache NiFi XSS issue in context path handling | critical |
2022-05-14T03:45:22
(2 years ago) |
|
Affected | >= 1.0.0, <= 1.6.0 |
CVE-2018-17192
|
MAVEN:GHSA-2XPP-75VR-22VQ | Improper Restriction of Rendered UI Layers or Frames in Apache nifif | moderate |
2018-12-20T22:02:24
(5 years ago) |
|
Fixed | = 1.8.0 |
CVE-2018-17192
|
MAVEN:GHSA-2XPP-75VR-22VQ | Improper Restriction of Rendered UI Layers or Frames in Apache nifif | moderate |
2018-12-20T22:02:24
(5 years ago) |
|
Affected | >= 1.0.0, <= 1.7.1 |
CVE-2018-17195
|
MAVEN:GHSA-3JQ8-JG75-RQV6 | Cleartext Transmission of Sensitive Information in Apache nifi | high |
2018-12-20T22:02:45
(5 years ago) |
|
Fixed | = 1.8.0 |
CVE-2018-17195
|
MAVEN:GHSA-3JQ8-JG75-RQV6 | Cleartext Transmission of Sensitive Information in Apache nifi | high |
2018-12-20T22:02:45
(5 years ago) |
|
Affected | >= 1.0.0, <= 1.11.4 |
CVE-2020-9487
|
MAVEN:GHSA-3PP3-77J6-8PH6 | Missing Authentication for Critical Function in Apache NiFi | high |
2022-01-06T20:41:04
(2 years ago) |
|
Fixed | = 1.12.0-RC1 |
CVE-2020-9487
|
MAVEN:GHSA-3PP3-77J6-8PH6 | Missing Authentication for Critical Function in Apache NiFi | high |
2022-01-06T20:41:04
(2 years ago) |
|
Affected | >= 1.0.0, <= 1.7.1 |
CVE-2018-17193
|
MAVEN:GHSA-4QQ9-RRQ6-48FF | Cross site scripting in org.apache.nifi:nifi | moderate |
2018-12-20T22:02:39
(5 years ago) |
|
Fixed | = 1.8.0 |
CVE-2018-17193
|
MAVEN:GHSA-4QQ9-RRQ6-48FF | Cross site scripting in org.apache.nifi:nifi | moderate |
2018-12-20T22:02:39
(5 years ago) |
|
Affected | >= 1.3.0, < 1.10.0 |
CVE-2019-10080
|
MAVEN:GHSA-744R-VV2G-2X6G | Apache NiFi information disclosure by XXE | moderate |
2019-12-02T18:17:36
(4 years ago) |
|
Fixed | = 1.10.0 |
CVE-2019-10080
|
MAVEN:GHSA-744R-VV2G-2X6G | Apache NiFi information disclosure by XXE | moderate |
2019-12-02T18:17:36
(4 years ago) |
|
Affected | >= 1.10.0, < 1.16.3 |
CVE-2022-33140
|
MAVEN:GHSA-77HF-23PQ-2G7C | Code injection in Apache NiFi and NiFi Registry | high |
2022-06-16T00:00:26
(2 years ago) |
|
Fixed | = 1.16.3 |
CVE-2022-33140
|
MAVEN:GHSA-77HF-23PQ-2G7C | Code injection in Apache NiFi and NiFi Registry | high |
2022-06-16T00:00:26
(2 years ago) |
|
Affected | >= 1.1.0, < 1.1.1 < 1.0.1 |
CVE-2016-8748
|
MAVEN:GHSA-G2FM-X3CP-MQW9 | Cross-site Scripting in Apache NiFi | moderate |
2022-05-14T01:05:57
(2 years ago) |
|
Fixed | = 1.1.1 = 1.0.1 |
CVE-2016-8748
|
MAVEN:GHSA-G2FM-X3CP-MQW9 | Cross-site Scripting in Apache NiFi | moderate |
2022-05-14T01:05:57
(2 years ago) |
|
Affected | >= 1.2.0, < 1.20.0 |
CVE-2023-22832
|
MAVEN:GHSA-HXJP-Q6C3-38FX | XML External Entity Reference in Apache NiFi | high |
2023-02-10T09:30:23
(19 months ago) |
|
Fixed | = 1.20.0 |
CVE-2023-22832
|
MAVEN:GHSA-HXJP-Q6C3-38FX | XML External Entity Reference in Apache NiFi | high |
2023-02-10T09:30:23
(19 months ago) |
|
Affected | >= 1.0.0, < 1.1.2 < 0.7.2 |
CVE-2017-5635
|
MAVEN:GHSA-JGJ9-6V78-6G8M | Improper Authentication In Apache NiFi | high |
2022-05-13T01:46:13
(2 years ago) |
|
Fixed | = 1.1.2 = 0.7.2 |
CVE-2017-5635
|
MAVEN:GHSA-JGJ9-6V78-6G8M | Improper Authentication In Apache NiFi | high |
2022-05-13T01:46:13
(2 years ago) |
|
Affected | >= 1.0.0, < 1.1.2 < 0.7.2 |
CVE-2017-5636
|
MAVEN:GHSA-JRCC-7JF5-3PXG | Injection in Apache NiFi | critical |
2022-05-17T00:26:04
(2 years ago) |
|
Fixed | = 1.1.2 = 0.7.2 |
CVE-2017-5636
|
MAVEN:GHSA-JRCC-7JF5-3PXG | Injection in Apache NiFi | critical |
2022-05-17T00:26:04
(2 years ago) |
|
Affected | >= 1.0.0, < 1.3.0 < 0.7.4 |
CVE-2017-7667
|
MAVEN:GHSA-JVX9-RJ3W-JQ99 | Origin Validation Error in Apache NiFi | high |
2022-05-17T02:40:53
(2 years ago) |
|
Fixed | = 1.3.0 = 0.7.4 |
CVE-2017-7667
|
MAVEN:GHSA-JVX9-RJ3W-JQ99 | Origin Validation Error in Apache NiFi | high |
2022-05-17T02:40:53
(2 years ago) |
|
Affected | >= 1.0.0, < 1.3.0 < 0.7.4 |
CVE-2017-7665
|
MAVEN:GHSA-M5R7-W9V3-GHMX | Cross-site Scripting in Apache NiFi | moderate |
2022-05-17T02:40:53
(2 years ago) |
|
Fixed | = 1.3.0 = 0.7.4 |
CVE-2017-7665
|
MAVEN:GHSA-M5R7-W9V3-GHMX | Cross-site Scripting in Apache NiFi | moderate |
2022-05-17T02:40:53
(2 years ago) |
|
Affected | < 1.6.0 |
CVE-2018-1310
|
MAVEN:GHSA-P76J-5V6V-6C22 | Apache NiFi JMS Deserialization issue | high |
2022-05-14T03:16:19
(2 years ago) |
|
Fixed | = 1.6.0 |
CVE-2018-1310
|
MAVEN:GHSA-P76J-5V6V-6C22 | Apache NiFi JMS Deserialization issue | high |
2022-05-14T03:16:19
(2 years ago) |
|
Affected | >= 1.0.0, <= 1.10.0 |
CVE-2020-1933
|
MAVEN:GHSA-PQHQ-XX62-2V2P | Cross-site scripting in Apache NiFi | moderate |
2022-01-06T20:35:39
(2 years ago) |
|
Fixed | = 1.11.0 |
CVE-2020-1933
|
MAVEN:GHSA-PQHQ-XX62-2V2P | Cross-site scripting in Apache NiFi | moderate |
2022-01-06T20:35:39
(2 years ago) |
|
Affected | >= 1.0.0, <= 1.11.4 |
CVE-2020-13940
|
MAVEN:GHSA-Q4XF-3PMQ-3HW8 | Improper Restriction of XML External Entity Reference in Apache NiFi | moderate |
2022-01-06T20:41:00
(2 years ago) |
|
Fixed | = 1.12.0-RC1 |
CVE-2020-13940
|
MAVEN:GHSA-Q4XF-3PMQ-3HW8 | Improper Restriction of XML External Entity Reference in Apache NiFi | moderate |
2022-01-06T20:41:00
(2 years ago) |
|
Affected | >= 1.0.0, < 1.4.0 |
CVE-2017-12623
|
MAVEN:GHSA-QJ7F-J6H9-G5RQ | XML External Entity Reference in Apache NiFi | moderate |
2022-05-17T00:26:27
(2 years ago) |
|
Fixed | = 1.4.0 |
CVE-2017-12623
|
MAVEN:GHSA-QJ7F-J6H9-G5RQ | XML External Entity Reference in Apache NiFi | moderate |
2022-05-17T00:26:27
(2 years ago) |
|
Affected | >= 1.2.0, <= 1.11.4 |
CVE-2020-9491
|
MAVEN:GHSA-RFMP-JVR7-HX78 | Inadequate Encryption Strength in Apache NiFi | high |
2022-01-06T20:41:06
(2 years ago) |
|
Fixed | = 1.12.0-RC1 |
CVE-2020-9491
|
MAVEN:GHSA-RFMP-JVR7-HX78 | Inadequate Encryption Strength in Apache NiFi | high |
2022-01-06T20:41:06
(2 years ago) |
|
Affected | < 1.15.1 |
CVE-2021-44145
|
MAVEN:GHSA-RQ96-QHC5-VM4R | Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi | moderate |
2022-01-05T17:33:32
(2 years ago) |
|
Fixed | = 1.15.1 |
CVE-2021-44145
|
MAVEN:GHSA-RQ96-QHC5-VM4R | Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi | moderate |
2022-01-05T17:33:32
(2 years ago) |
|
Affected | >= 1.0.0, < 1.5.0 |
CVE-2017-12632
|
MAVEN:GHSA-W4X6-J349-9R57 | Apache NiFi host header poisoning issue | high |
2022-05-14T03:45:20
(2 years ago) |
|
Fixed | = 1.5.0 |
CVE-2017-12632
|
MAVEN:GHSA-W4X6-J349-9R57 | Apache NiFi host header poisoning issue | high |
2022-05-14T03:45:20
(2 years ago) |
|
Affected | >= 0.0.1, < 1.16.1 |
CVE-2022-29265
|
MAVEN:GHSA-WC97-7623-RXWX | Multiple components in Apache NiFi do not restrict XML External Entity references | high |
2022-05-01T00:00:33
(2 years ago) |
|
Fixed | = 1.16.1 |
CVE-2022-29265
|
MAVEN:GHSA-WC97-7623-RXWX | Multiple components in Apache NiFi do not restrict XML External Entity references | high |
2022-05-01T00:00:33
(2 years ago) |