Vulnerabilities > Apache > Nifi > 1.22.0

| Date | CVE | Vulnerability title | Description | Attributes | Risk |
|---|---|---|---|---|---|
| 2023-11-27 | CVE-2023-49145 | Cross-site Scripting vulnerability in Apache Nifi | Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. | network; low complexity; apache; CWE-79 | 5.4 |
| 2023-08-18 | CVE-2023-40037 | Incorrect Comparison vulnerability in Apache Nifi 1.21.0/1.22.0 | Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. | network; low complexity; apache; CWE-697 | 6.5 |
| 2023-07-29 | CVE-2023-36542 | Code Injection vulnerability in Apache Nifi | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. | network; low complexity; apache; CWE-94 | 8.8 |