logo

Database

Lack of data validation In org.apache.nifi:nifi

Description

Injection in Apache NiFi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-56362. NVD-2017-56363. OSV-2017-56364. GCVE-2017-5636

References

1. https://nifi.apache.org/security.html#CVE-2017-56362. http://www.securityfocus.com/bid/96731

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.