CVE-2017-7665

Опубликовано: 12 июн. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Ссылки

http://www.securityfocus.com/bid/99009
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
http://www.securityfocus.com/bid/99009
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Версия до 0.7.3 (включая)

cpe:2.3:a:apache:nifi:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:nifi:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:nifi:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:nifi:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:nifi:1.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.0106

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m5r7-w9v3-ghmx