Описание
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.0 (исключая)
cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01625
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
EPSS
Процентиль: 82%
0.01625
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502