Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tNXI3LXc5djMtZ2hteM4AAbfg

Moderate EPSS: 0.0106% (0.76509 Percentile) EPSS:
Permalink JSON

Cross-site Scripting in Apache NiFi

Affected Packages Affected Versions Fixed Versions
maven:org.apache.nifi:nifi >= 1.0.0, < 1.3.0, < 0.7.4 1.3.0, 0.7.4
2 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

0.2.1, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0

All unaffected versions

0.7.4, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.23.2, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.28.1, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

References:

Identifiers

GHSA-m5r7-w9v3-ghmx

CVE-2017-7665

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0106

EPSS Percentile: 0.76509

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON