📦 NiFi

by Apache


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-66524

HIGH CVSS 8.8 Dec 19, 2025

This vulnerability allows remote code execution on Apache NiFi systems through unsafe Java deserialization in the GetAsanaObject Processor. Attackers can exploit it by injecting malicious objects into...

CVE-2023-49145

HIGH CVSS 7.9 Nov 27, 2023

This DOM-based cross-site scripting vulnerability in Apache NiFi's JoltTransformJSON Processor allows authenticated users with configuration privileges to execute arbitrary JavaScript by visiting a cr...

CVE-2023-36542

HIGH CVSS 8.8 Jul 29, 2023

This vulnerability allows authenticated and authorized Apache NiFi users to configure HTTP URL references for retrieving drivers, enabling custom code execution. It affects Apache NiFi versions 0.0.2 ...

CVE-2023-22832

HIGH CVSS 7.5 Feb 10, 2023

This vulnerability allows XML External Entity (XXE) attacks in Apache NiFi's ExtractCCDAAttributes Processor. Attackers can exploit this to read arbitrary files from the server or potentially cause de...

CVE-2024-56512

MEDIUM CVSS 5.4 Dec 28, 2024

This vulnerability allows authenticated users with permission to create Process Groups in Apache NiFi to bypass authorization checks for Parameter Contexts, Controller Services, and Parameter Provider...

CVE-2024-52067

MEDIUM CVSS 4.9 Nov 21, 2024

Apache NiFi versions 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 have debug logging that can expose sensitive parameter values when enabled. Authorized administrators can enable debug logging during flow sync...