logo

Database

Lack of data validation In org.apache.nifi:nifi

Description

Apache NiFi XSS issue in context path handling A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-156972. NVD-2017-156973. OSV-2017-156974. GCVE-2017-15697

References

1. https://nifi.apache.org/security.html#CVE-2017-15697

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.