VYPR

Maven package

org.apache.nifi/nifi-web-ui

pkg:maven/org.apache.nifi/nifi-web-ui

Vulnerabilities (2)

  • CVE-2024-45477Oct 29, 2024
    affected >= 1.10.0, < 1.28.0fixed 1.28.0

    Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary Java

  • CVE-2024-37389Jul 8, 2024
    affected >= 1.10.0, < 1.27.0fixed 1.27.0

    Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code,