logo

Database

Reflected cross-site scripting (XSS) In org.apache.nifi:nifi

Description

Cross-site scripting in Apache NiFi A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-19332. NVD-2020-19333. OSV-2020-19334. GCVE-2020-1933

References

1. https://github.com/apache/nifi/pull/39912. https://nifi.apache.org/security.html#CVE-2020-1933

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.