Clickjacking Affecting org.apache.nifi:nifi-jetty-bundle package, versions [,1.8.0)
20 Dec 2018
19 Dec 2018
Suchithra V N
How to fix?
Upgrade org.apache.nifi:nifi-jetty-bundle to version 1.8.0 or higher.
org.apache.nifi:nifi-jetty-bundle is a Jetty bundle for NiFi.
Affected versions of this package are vulnerable to Clickjacking. The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
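A defender-side check for the condition described above, as an added example that is not part of the advisory or of NiFi's code: it classifies the X-Frame-Options state of a raw HTTP response as ok, missing, duplicate, conflicting or invalid. The function names, labels and sample responses are constructed for illustration.

```python
VALID = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete and ignored by current browsers

def header_values(raw, name):
    """Every value sent for `name` in a raw HTTP response, duplicates kept."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]   # drop the body
    values = []
    for line in head.split("\n")[1:]:                      # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name:
            # An intermediary may fold repeated header lines into one
            # comma-separated value, so split on commas as well.
            values.extend(v.strip().upper() for v in value.split(","))
    return values

def audit_xfo(raw):
    """Classify the X-Frame-Options state of one response."""
    values = header_values(raw, "x-frame-options")
    if not values:
        return "missing"
    if any(v not in VALID for v in values):
        return "invalid"
    if len(values) > 1:
        return "duplicate" if len(set(values)) == 1 else "conflicting"
    return "ok"

def findings(responses):
    """Map each response label to its state, leaving out the ones that are fine."""
    states = {label: audit_xfo(raw) for label, raw in responses.items()}
    return {label: s for label, s in states.items() if s != "ok"}

# Constructed sample responses (labels and contents are made up for this example).
SAMPLES = {
    "single": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>",
    "none": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nX-Frame-Options: DENY",
    "twice": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nx-frame-options: SAMEORIGIN\r\n\r\n",
    "mixed": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, DENY\r\n\r\n",
}

if __name__ == "__main__":
    for label, state in findings(SAMPLES).items():
        print(f"{label}: X-Frame-Options {state}")
```

Run the same classification over captured responses from every route of a deployment, since the advisory describes the headers as inconsistent across responses rather than uniformly absent.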