logo

Database

Insecure deserialization In org.apache.nifi:nifi-framework-cluster-protocol

Description

Denial of service via deserialization attack in nifi A vulnerability found in Apache NIFI before 1.5.0-RC1. Attacker can perform XXE attacks through JAXB.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-157032. NVD-2017-157033. OSV-2017-157034. GCVE-2017-157035. nifi.apache.org

References

1. https://github.com/apache/nifi/commit/9e2c7be7d3c6a380c5f61074d9a5a690b617c3dc

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-6JXII – Vulnerability | Fluid Attacks Database