Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wNzZqLTV2NnYtNmMyMs4AAWtR
Apache NiFi JMS Deserialization issue
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Permalink: https://github.com/advisories/GHSA-p76j-5v6v-6c22JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNzZqLTV2NnYtNmMyMs4AAWtR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-p76j-5v6v-6c22, CVE-2018-1310
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1310
- https://nifi.apache.org/security.html#CVE-2018-1310
- https://github.com/advisories/GHSA-p76j-5v6v-6c22
Affected Packages
maven:org.apache.nifi:nifi
Versions: < 1.6.0Fixed in: 1.6.0