VYPR

Maven package

org.apache.nifi/nifi-framework-cluster-protocol

pkg:maven/org.apache.nifi/nifi-framework-cluster-protocol

Vulnerabilities (1)

  • CVE-2017-15703MedJan 25, 2018
    affected < 1.5.0fixed 1.5.0

    Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.