Apache

Nifi

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.65%
  • Veröffentlicht 29.10.2024 09:15:07
  • Zuletzt bearbeitet 21.11.2024 09:37:50

Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Con...

  • EPSS 24.03%
  • Veröffentlicht 08.07.2024 08:15:10
  • Zuletzt bearbeitet 21.11.2024 09:23:46

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can ent...

  • EPSS 1.21%
  • Veröffentlicht 27.11.2023 23:15:07
  • Zuletzt bearbeitet 21.11.2024 08:32:55

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTra...

  • EPSS 1.54%
  • Veröffentlicht 18.08.2023 22:15:10
  • Zuletzt bearbeitet 13.02.2025 17:17:00

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user c...

  • EPSS 1.63%
  • Veröffentlicht 29.07.2023 08:15:48
  • Zuletzt bearbeitet 13.02.2025 17:16:42

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The res...

  • EPSS 63.63%
  • Veröffentlicht 12.06.2023 16:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:38

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution va...

  • EPSS 2.35%
  • Veröffentlicht 12.06.2023 16:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:35

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deseriali...

  • EPSS 1.41%
  • Veröffentlicht 10.02.2023 08:15:12
  • Zuletzt bearbeitet 24.03.2025 17:15:14

The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Doc...

  • EPSS 3.67%
  • Veröffentlicht 15.06.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:07:35

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. Th...

  • EPSS 2.43%
  • Veröffentlicht 30.04.2022 08:15:06
  • Zuletzt bearbeitet 21.11.2024 06:58:50

Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. T...