Описание
Injection in Apache NiFi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
Пакеты
Наименование
org.apache.nifi:nifi
maven
Затронутые версииВерсия исправления
< 0.7.2
0.7.2
Наименование
org.apache.nifi:nifi
maven
Затронутые версииВерсия исправления
>= 1.0.0, < 1.1.2
1.1.2
Связанные уязвимости
CVSS3: 9.8
nvd
больше 8 лет назад
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.