GHSA-jvx9-rj3w-jq99

Source

https://github.com/advisories/GHSA-jvx9-rj3w-jq99

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jvx9-rj3w-jq99/GHSA-jvx9-rj3w-jq99.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jvx9-rj3w-jq99

Aliases

CVE-2017-7667

Published

2022-05-17T02:40:53Z

Modified

2023-11-08T03:59:25.975338Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Origin Validation Error in Apache NiFi

Details

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

Database specific

{
    "nvd_published_at": "2017-06-12T16:29:00Z",
    "github_reviewed_at": "2022-11-01T22:33:10Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-346"
    ]
}

References

Affected packages

Maven / org.apache.nifi:nifi

Package

Name: org.apache.nifi:nifi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.nifi/nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.4

Affected versions

0.*

0.0.1-incubating

0.0.2-incubating

0.1.0-incubating

0.2.0-incubating

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.5.1

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.7.3

Maven / org.apache.nifi:nifi

Package

Name: org.apache.nifi:nifi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.nifi/nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.3.0

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0