Количество 2
Количество 2
CVE-2017-15703
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
GHSA-xwx6-vmj4-5rv8
Denial of service via deserialization attack in nifi
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-15703 Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | CVSS3: 5 | 0% Низкий | больше 7 лет назад |
| GHSA-xwx6-vmj4-5rv8 Denial of service via deserialization attack in nifi | CVSS3: 5 | 0% Низкий | почти 6 лет назад |
Уязвимостей на страницу