Clickjacking Affecting org.apache.nifi:nifi-jetty package, versions [,1.8.0)

  • Attack Complexity


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    20 Dec 2018

  • disclosed

    19 Dec 2018

  • credit

    Suchithra V N

How to fix?

Upgrade org.apache.nifi:nifi-jetty to version 1.8.0 or higher.


Affected versions of this package are vulnerable to Clickjacking. The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.