Denial of service via deserialization attack in nifi

Moderate severity GitHub Reviewed Published Oct 25, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

org.apache.nifi:nifi-framework-cluster-protocol (Maven)

Affected versions

< 1.5.0

Patched versions

1.5.0

Description

A vulnerability was found in Apache NiFi before 1.5.0-RC1. An attacker can perform XXE attacks through JAXB.

References

Reviewed Oct 25, 2019
Published to the GitHub Advisory Database Oct 25, 2019
Last updated Jan 9, 2023

Severity

Moderate (5.0 / 10)

CVSS base metrics

Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Weaknesses

CVE ID

CVE-2017-15703

GHSA ID

GHSA-xwx6-vmj4-5rv8

Source code

No known source code