Vulnerabilities > Apache > Nifi > 0.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-49145 Unspecified vulnerability in Apache Nifi
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting.
network
low complexity
apache
5.4
2023-07-29 CVE-2023-36542 Unspecified vulnerability in Apache Nifi
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution.
network
low complexity
apache
8.8
2023-06-12 CVE-2023-34468 Unspecified vulnerability in Apache Nifi
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
network
low complexity
apache
8.8
2022-04-30 CVE-2022-29265 XXE vulnerability in Apache Nifi
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration.
network
low complexity
apache CWE-611
7.5
2021-12-17 CVE-2021-44145 Information Exposure vulnerability in Apache Nifi
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
network
low complexity
apache CWE-200
6.5
2020-02-11 CVE-2020-1942 Information Exposure Through Log Files vulnerability in Apache Nifi
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values.
network
low complexity
apache CWE-532
7.5
2018-05-23 CVE-2018-1310 Deserialization of Untrusted Data vulnerability in Apache Nifi
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability.
network
low complexity
apache CWE-502
7.5
2018-05-23 CVE-2018-1309 XXE vulnerability in Apache Nifi
Apache NiFi External XML Entity issue in SplitXML processor.
network
low complexity
apache CWE-611
critical
9.8
2018-01-23 CVE-2017-12632 Improper Input Validation vulnerability in Apache Nifi
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.
network
low complexity
apache CWE-20
7.5
2017-10-19 CVE-2017-5636 Injection vulnerability in Apache Nifi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
network
low complexity
apache CWE-74
critical
9.8