Vulnerabilities > Apache > Nifi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-23 | CVE-2018-1309 | XXE vulnerability in Apache Nifi Apache NiFi External XML Entity issue in SplitXML processor. | 9.8 |
| 2018-01-23 | CVE-2017-15697 | Improper Input Validation vulnerability in Apache Nifi A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. | 9.8 |
| 2017-10-19 | CVE-2017-5636 | Injection vulnerability in Apache Nifi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | 9.8 |