High severity7.5NVD Advisory· Published Jun 12, 2017· Updated Jun 17, 2026
CVE-2017-7667
CVE-2017-7667
Description
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.nifi:nifiMaven | < 0.7.4 | 0.7.4 |
org.apache.nifi:nifiMaven | >= 1.0.0, < 1.3.0 | 1.3.0 |
Affected products
9cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*range: <=0.7.3
- cpe:2.3:a:apache:nifi:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.2.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/99018nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-jvx9-rj3w-jq99ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-7667ghsaADVISORY
- lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3EghsaWEB
- lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3Envd
News mentions
0No linked articles in our index yet.