Vulnerabilities > Apache > Nifi > 1.4.0

DATE CVE VULNERABILITY TITLE RISK
2018-01-25 CVE-2017-15703 Deserialization of Untrusted Data vulnerability in Apache Nifi
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack.
network
apache CWE-502
3.5
3.5
2018-01-23 CVE-2017-15697 Improper Input Validation vulnerability in Apache Nifi
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution.
network
low complexity
apache CWE-20
7.5
7.5
2018-01-23 CVE-2017-12632 Improper Input Validation vulnerability in Apache Nifi
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.
network
low complexity
apache CWE-20
5.0
5.0