Vulnerabilities > Apache > Nifi Registry

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-33140 OS Command Injection vulnerability in Apache Nifi and Nifi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.
network
low complexity
apache CWE-78
8.8
8.8
2020-04-28 CVE-2020-9482 Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
6.5
6.5