logo

Database

Lack of data validation In org.apache.nifi:nifi

Description

Apache NiFi host header poisoning issue A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-126322. NVD-2017-126323. OSV-2017-126324. GCVE-2017-12632

References

1. https://nifi.apache.org/security.html#CVE-2017-12632

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.