Vulnerabilities > Apache > Nifi > 0.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 7.5 |
| 2020-02-11 | CVE-2020-1942 | Information Exposure Through Log Files vulnerability in Apache Nifi In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. | 7.5 |
| 2018-05-23 | CVE-2018-1310 | Deserialization of Untrusted Data vulnerability in Apache Nifi Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. | 7.5 |
| 2018-05-23 | CVE-2018-1309 | XXE vulnerability in Apache Nifi Apache NiFi External XML Entity issue in SplitXML processor. | 9.8 |
| 2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 7.5 |
| 2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 5.4 |
| 2017-06-12 | CVE-2017-7667 | Origin Validation Error vulnerability in Apache Nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | 7.5 |
| 2017-06-12 | CVE-2017-7665 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | 6.1 |