2.0.0
9 years ago
1 months ago
Known vulnerabilities in the org.apache.nifi:nifi-standard-processors package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.apache.nifi:nifi-standard-processors is a powerful, and reliable system to process and distribute data Affected versions of this package are vulnerable to Arbitrary Code Injection when retrieving a driver via remote URI. Permissions are not sufficiently checked when allowing users to reference remote resources. How to fix Arbitrary Code Injection? Upgrade | [0.0.2-incubating,1.23.0) |
org.apache.nifi:nifi-standard-processors is a powerful, and reliable system to process and distribute data Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the How to fix XML External Entity (XXE) Injection? Upgrade | [,1.15.1) |
org.apache.nifi:nifi-standard-processors is a powerful, and reliable system to process and distribute data Affected versions of this package are vulnerable to Information Exposure. Username and passwords in How to fix Information Exposure? Upgrade | [,0.4.0) |
org.apache.nifi:nifi-standard-processors is a system to process and distribute data. Affected versions of this package are vulnerable to Arbitrary Code Execution via the SplitXML processor. An attacker could send a malicious XML file that could cause information disclosure or remote code execution. How to fix XML External Entity (XXE) Injection? Upgrade | [,1.6.0) |