Medium severity 5.0 · NVD Advisory · Published Jan 25, 2018 · Updated Jun 17, 2026
CVE-2017-15703
Description
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via a Java deserialization attack. The fix to properly handle Java deserialization was applied in the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.nifi:nifi-framework-cluster-protocol (Maven) | < 1.5.0 | 1.5.0 |
References
- github.com/advisories/GHSA-xwx6-vmj4-5rv8 (GHSA, Advisory)
- nifi.apache.org/security.html (NVD, Vendor Advisory)
- github.com/apache/nifi/commit/9e2c7be7d3c6a380c5f61074d9a5a690b617c3dc (GHSA, Web)