Vulnerabilities > Apache > Nifi > 1.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-01 | CVE-2020-13940 | XXE vulnerability in Apache Nifi In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. | 4.3 |
| 2020-02-11 | CVE-2020-1942 | Information Exposure vulnerability in Apache Nifi In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. | 5.0 |
| 2020-01-28 | CVE-2020-1933 | Cross-site Scripting vulnerability in Apache Nifi A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. | 4.3 |
| 2019-11-19 | CVE-2019-12421 | Insufficient Session Expiration vulnerability in Apache Nifi When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. | 8.8 |
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache Nifi When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |