apache-nifi vulnerabilities

Known vulnerabilities in the apache-nifi package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L GHSA-mqvr-2rp8-j7h4	<2.0.0-r5
L CVE-2024-38829	<2.0.0-r5
L GHSA-2x2g-32r7-p4x8	<2.0.0-r4
L Improper Privilege Management	<2.0.0-r4
L CVE-2024-36124	<2.0.0-r0
L CVE-2024-38821	<2.0.0-r0
M CVE-2024-6763	<2.0.0-r0
L GHSA-cfxw-4h78-h7fw	<2.0.0-r0
L GHSA-78wr-2p64-hpwj	<2.0.0-r0
L Resource Exhaustion	<2.0.0-r0
L CVE-2024-25638	<2.0.0-r0
L GHSA-8wh2-6qhj-h7j9	<2.0.0-r0
L GHSA-qh8g-58pp-2wxh	<2.0.0-r0
L GHSA-c4q5-6c82-3qpw	<2.0.0-r0
L CVE-2024-36114	<2.0.0-r0
M CVE-2024-38820	<2.0.0-r0
L GHSA-f5fw-25gw-5m92	<2.0.0-r0
L GHSA-4gc7-5j7h-4qph	<2.0.0-r0
L CVE-2024-7254	<2.0.0-r0
L Improper Privilege Management	<2.0.0-r0
L GHSA-973x-65j7-xcf4	<2.0.0-r0
L GHSA-735f-pc8j-v9w8	<2.0.0-r0
L CVE-2024-38809	<1.27.0-r1
L GHSA-2rmj-mq67-h97g	<1.27.0-r1
L CVE-2024-38808	<1.27.0-r1
L GHSA-9cmq-m9j5-mvww	<1.27.0-r1
M Cross-site Scripting (XSS)	<1.27.0-r0
L GHSA-h658-qqv9-qwv8	<1.27.0-r0
M Allocation of Resources Without Limits or Throttling	<1.26.0-r2
L GHSA-6qvw-249j-h44c	<1.26.0-r2
L GHSA-8xfc-gm6g-vgpv	<1.26.0-r2
L GHSA-4265-ccf5-phj5	<1.26.0-r2
L CVE-2024-29025	<1.26.0-r2
L GHSA-rcjc-c4pj-xxrp	<1.26.0-r2
H CVE-2022-3510	<1.26.0-r2
H XML External Entity (XXE) Injection	<1.26.0-r2
L GHSA-6mjq-h674-j845	<1.26.0-r2
H Uncontrolled Recursion	<1.26.0-r2
L GHSA-3x8x-79m2-3w2w	<1.26.0-r2
H Files or Directories Accessible to External Parties	<1.26.0-r2
M Allocation of Resources Without Limits or Throttling	<1.26.0-r2
L GHSA-v435-xc8x-wvr9	<1.26.0-r2
H Deserialization of Untrusted Data	<1.26.0-r2
L GHSA-jjjh-jjxp-wpff	<1.26.0-r2
H Out-of-bounds Write	<1.26.0-r2
L GHSA-5jpm-x58v-624v	<1.26.0-r2
H Resource Exhaustion	<1.26.0-r2
H CVE-2023-52428	<1.26.0-r2
L GHSA-hr8g-6v94-x4m9	<1.26.0-r2
C Arbitrary Code Injection	<1.26.0-r2
L GHSA-wrvw-hg22-4m67	<1.26.0-r2
M Resource Exhaustion	<1.26.0-r2
L CVE-2024-29857	<1.26.0-r2
L GHSA-m44j-cfrm-g8qc	<1.26.0-r2
M CVE-2021-22569	<1.26.0-r2
M HTTP Response Splitting	<1.26.0-r2
L GHSA-wjxj-5m7g-mg7q	<1.26.0-r2
L GHSA-77rm-9x9h-xj3g	<1.26.0-r2
L GHSA-g5ww-5jh7-63cx	<1.26.0-r2
M Information Exposure	<1.26.0-r2
L CVE-2024-34447	<1.26.0-r2
L GHSA-h4h5-3hr4-j3g2	<1.26.0-r2
L GHSA-hh82-3pmq-7frp	<1.26.0-r2
H Deserialization of Untrusted Data	<1.26.0-r2
H CVE-2022-3509	<1.26.0-r2
L CVE-2024-30171	<1.26.0-r2
L GHSA-gvpg-vgmx-xg6w	<1.26.0-r2
M NULL Pointer Dereference	<1.26.0-r2
M Resource Exhaustion	<1.26.0-r2
L GHSA-mvr2-9pj6-7w5j	<1.26.0-r2
H CVE-2022-3171	<1.26.0-r2
L GHSA-rgv9-q543-rqg4	<1.26.0-r2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1.26.0-r2
L GHSA-3j6g-hxx5-3q26	<1.26.0-r2
M Improper Certificate Validation	<1.26.0-r2
L GHSA-4h8f-2wvx-gg5w	<1.26.0-r2
L Out-of-bounds Write	<1.26.0-r2
L GHSA-mm8h-8587-p46h	<1.26.0-r2
L CVE-2023-51775	<1.26.0-r2
L GHSA-7g45-4rm6-3mm3	<1.26.0-r2
L GHSA-xjp4-hw94-mvp5	<1.26.0-r2
L CVE-2024-30172	<1.26.0-r2
L GHSA-fx2c-96vj-985v	<1.26.0-r2
L Out-of-bounds Write	<1.26.0-r2
L GHSA-xpw8-rcwv-8f8p	<1.26.0-r2
L GHSA-5mg8-w23w-74h3	<1.26.0-r2
H Allocation of Resources Without Limits or Throttling	<1.26.0-r2
L GHSA-4g9r-vxhx-9pgx	<1.26.0-r2
L GHSA-57j2-w4cx-62h2	<1.26.0-r2
L GHSA-9w38-p64v-xpmv	<1.26.0-r2
L GHSA-4gg5-vx3j-xwc7	<1.26.0-r2
L GHSA-288c-cq4h-88gq	<1.26.0-r2
L Incorrect Permission Assignment for Critical Resource	<1.26.0-r2

Vulnerability

Vulnerable Version

GHSA-mqvr-2rp8-j7h4

<2.0.0-r5

CVE-2024-38829

<2.0.0-r5

GHSA-2x2g-32r7-p4x8

<2.0.0-r4

Improper Privilege Management

<2.0.0-r4

CVE-2024-36124

<2.0.0-r0