Homepage

org.apache.nifi:nifi-framework-core@1.25.0 vulnerabilities

  • latest version

    2.5.0

  • latest non vulnerable version

    2.5.0

  • first published

    10 years ago

  • latest version published

    25 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.apache.nifi:nifi-framework-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insertion of Sensitive Information into Log File

    org.apache.nifi:nifi-framework-core is a system to process and distribute data.

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the debug logging feature during the flow synchronization process. An attacker can cause the application to write Parameter names and values to the application log.

    Notes:

    1)Parameter Context values may contain sensitive information depending on application flow configuration.

    1. This is only exploitable if the attacker has administrative privileges to expose sensitive information by enabling debug logging, which leads to the logging of sensitive Parameter Context values.

    How to fix Insertion of Sensitive Information into Log File?

    Upgrade org.apache.nifi:nifi-framework-core to version 1.28.1, 2.0.0 or higher.

    [1.16.0,1.28.1)[2.0.0-M1,2.0.0)
    Go back to all versions of this package