Vulnerabilities > Apache > Nifi > 1.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-25 | CVE-2017-15703 | Deserialization of Untrusted Data vulnerability in Apache Nifi Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. | 3.5 |
| 2018-01-23 | CVE-2017-15697 | Improper Input Validation vulnerability in Apache Nifi A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. | 7.5 |
| 2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 5.0 |
| 2017-10-10 | CVE-2017-12623 | XXE vulnerability in Apache Nifi An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. | 4.0 |