Apache Nifi Vulnerabilities

Optional Debug Logging in Apache NiFi Could Lead to Sensitive Information Disclosure

CVE-2024-52067

ApacheApache Nifi

Apache NiFi vulnerable to cross-site scripting

CVE-2024-37389

ApacheApache Nifi4.6MEDIUM

Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

CVE-2023-49145

ApacheApache NiFi5.4MEDIUM

Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++

CVE-2023-41180

ApacheApache Nifi Minifi C++5.9MEDIUM

Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

CVE-2023-40037

ApacheApache Nifi👾🟡6.5MEDIUM

Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

CVE-2023-36542

ApacheApache Nifi8.8HIGH

Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

CVE-2023-34212

ApacheApache Nifi👾🟡6.5MEDIUM

Apache NiFi: Potential Code Injection with Database Services using H2

CVE-2023-34468

ApacheApache Nifi👾🟡EPSS 72%📰8.8HIGH

Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes

CVE-2023-22832

ApacheApache NiFi7.5HIGH

Improper Neutralization of Command Elements in Shell User Group Provider

CVE-2022-33140

ApacheApache NifiEPSS 11%8.8HIGH

Improper Restriction of XML External Entity References in Multiple Components

CVE-2022-29265

ApacheApache Nifi7.5HIGH

Insufficiently protected credentials

CVE-2022-26850

ApacheApache Nifi4.3MEDIUM

Apache NiFi information disclosure by XXE

CVE-2021-44145

ApacheApache Nifi6.5MEDIUM

MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol

CVE-2021-33191

ApacheApache Nifi - Minifi C++9.8CRITICAL

CVE-2020-9491

ApacheApache Nifi7.5HIGH

CVE-2020-13940

ApacheApache Nifi5.5MEDIUM

CVE-2020-9487

ApacheApache Nifi7.5HIGH

CVE-2020-9486

ApacheApache Nifi7.5HIGH

CVE-2020-9482

ApacheApache Nifi Registry6.5MEDIUM

CVE-2020-1942

ApacheApache Nifi7.5HIGH

CVE-2020-1933

ApacheApache Nifi6.1MEDIUM

CVE-2020-1928

ApacheApache Nifi5.3MEDIUM

CVE-2019-10083

ApacheApache Nifi5.3MEDIUM

CVE-2019-12421

ApacheApache Nifi8.8HIGH

CVE-2019-10080

ApacheApache Nifi6.5MEDIUM

Apache Nifi Vulnerabilities

Vulnerability Published:

Sort By:

21 November 2024

Optional Debug Logging in Apache NiFi Could Lead to Sensitive Information Disclosure

8 July 2024

Apache NiFi vulnerable to cross-site scripting

27 November 2023

Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

3 September 2023

Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++

18 August 2023

Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

29 July 2023

Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

12 June 2023

Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

Apache NiFi: Potential Code Injection with Database Services using H2

10 February 2023

Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes

15 June 2022

Improper Neutralization of Command Elements in Shell User Group Provider

30 April 2022

Improper Restriction of XML External Entity References in Multiple Components

6 April 2022

Insufficiently protected credentials

17 December 2021

Apache NiFi information disclosure by XXE

24 August 2021

MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol

1 October 2020

28 April 2020

11 February 2020

28 January 2020

19 November 2019