Maven package
org.apache.nifi.registry/nifi-registry-core
pkg:maven/org.apache.nifi.registry/nifi-registry-core
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-33140 | — | >= 0.6.0, < 1.16.3 | 1.16.3 | Jun 15, 2022 | The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is no |
- CVE-2022-33140Jun 15, 2022affected >= 0.6.0, < 1.16.3fixed 1.16.3
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is no