Clickjacking Affecting org.apache.nifi:nifi-jetty-bundle Open this link in a new tab package, versions [,1.8.0)


0.0
low
  • Attack Complexity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHENIFI-480417

  • published

    20 Dec 2018

  • disclosed

    19 Dec 2018

  • credit

    Suchithra V N

How to fix?

Upgrade org.apache.nifi:nifi-jetty-bundle to version 1.8.0 or higher.

Overview

org.apache.nifi:nifi-jetty-bundle is a Jetty bundle for Nifi

Affected versions of this package are vulnerable to Clickjacking. The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.