Maven package
org.apache.nifi/nifi-web-ui
pkg:maven/org.apache.nifi/nifi-web-ui
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45477 | — | >= 1.10.0, < 1.28.0 | 1.28.0 | Oct 29, 2024 | Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary Java | ||
| CVE-2024-37389 | — | >= 1.10.0, < 1.27.0 | 1.27.0 | Jul 8, 2024 | Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, |
- CVE-2024-45477Oct 29, 2024affected >= 1.10.0, < 1.28.0fixed 1.28.0
Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary Java
- CVE-2024-37389Jul 8, 2024affected >= 1.10.0, < 1.27.0fixed 1.27.0
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code,