Maven package
org.apache.nifi/nifi-framework-cluster-protocol
pkg:maven/org.apache.nifi/nifi-framework-cluster-protocol
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15703 | Med | 5.0 | < 1.5.0 | 1.5.0 | Jan 25, 2018 | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4. |
- affected < 1.5.0fixed 1.5.0
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.