org.apache.nifi:nifi@0.7.4 vulnerabilities
-
latest version
1.26.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
14 days ago
-
licenses detected
- [0.0.1-incubating,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.nifi:nifi package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Arbitrary Code Injection when retrieving a driver via remote URI. Permissions are not sufficiently checked when allowing users to reference remote resources. How to fix Arbitrary Code Injection? Upgrade |
[0.0.2-incubating,1.23.0)
|
org.apache.nifi:nifi is a system to process and distribute data. Affected versions of this package are vulnerable to Host Header Injection. A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. How to fix Host Header Injection? Upgrade org.apache.nifi:nifi to version 1.5.0 or higher. |
[,1.5.0)
|