Vulnerabilities > Apache > Nifi Registry
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-15 | CVE-2022-33140 | OS Command Injection vulnerability in Apache Nifi and Nifi Registry The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. | 6.0 |
| 2020-04-28 | CVE-2020-9482 | Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0 If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. | 6.4 |