CVE-2017-7665

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7665
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7665.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7665
Aliases
Published
2017-06-12T16:29:00.217Z
Modified
2026-04-10T04:00:59.080256Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
78532ef44fb8b830a5316ce10a5cc7862bc3b5b2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
74d5224783dfdc513f6b3ad5ed96671d3c581707
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1890f6c522514027ae46f86601f4771f62cadc6d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5536f690a81418955442d52687695f65f0a44cd0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a92f2e36ed6be695e4dc6f624f6b3a96e6d1a57c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e31088642b6fdc7cafb52208a6ba29216dde7898
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3a605af8e0ac024fb0ba67262d49dab2727b2576
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0"
        }
    ]
}

Affected versions

docker/nifi-1.*
docker/nifi-1.2.0
nifi-0.*
nifi-0.2.0-incubating-RC1
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.6.0
nifi-0.6.0-RC2
nifi-0.7.0-RC2
nifi-0.7.1-RC1
nifi-0.7.3-RC1
nifi-1.*
nifi-1.0.0-RC1
nifi-1.0.1-RC1
nifi-1.1.0-RC2
nifi-1.1.1-RC1
nifi-1.1.2-RC1
nifi-1.2.0-RC2
rel/nifi-0.*
rel/nifi-0.7.0
rel/nifi-0.7.1
rel/nifi-0.7.3
rel/nifi-1.*
rel/nifi-1.0.0
rel/nifi-1.0.1
rel/nifi-1.1.0
rel/nifi-1.1.1
rel/nifi-1.1.2
rel/nifi-1.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7665.json"