Apache NiFi versions 1.0.0 and 1.1.0 suffer from a cross site scripting vulnerability.
27d8af85dd965e878a3edbed6e172052a109ae2774adf35ecb90f823f2461300CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0
Description: There is a cross-site scripting vulnerability in
connection details dialog when accessed by an authorized user. The
user supplied text was not be properly handled when added to the DOM.
Mitigation:
1.0.0 users should upgrade to 1.0.1 or 1.1.1.
1.1.0 users should upgrade to 1.1.1. Additional migration guidance
can be found https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance.
Credit: This issue was discovered by Matt Gilman of the Apache NiFi
PMC during a code review.
References: https://nifi.apache.org/security.html
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed