Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Remediation

References

http://www.securityfocus.com/bid/99009

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E

Related Vulnerabilities

CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2020-7633 Vulnerability in npm package apiconnect-cli-plugins

CVE-2016-5725 Vulnerability in maven package com.jcraft:jsch

CVE-2019-0227 Vulnerability in maven package org.apache.axis:axis-rt-core

CVE-2018-1317 Vulnerability in maven package org.apache.zeppelin:zeppelin

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry