GHSA-jvx9-rj3w-jq99

Suggest an improvement
Source
https://github.com/advisories/GHSA-jvx9-rj3w-jq99
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jvx9-rj3w-jq99/GHSA-jvx9-rj3w-jq99.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jvx9-rj3w-jq99
Aliases
Published
2022-05-17T02:40:53Z
Modified
2023-11-08T03:59:25.975338Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Origin Validation Error in Apache NiFi
Details

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

Database specific 
{
    "cwe_ids": [
        "CWE-346"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T22:33:10Z",
    "nvd_published_at": "2017-06-12T16:29:00Z",
    "severity": "HIGH"
}
References

Affected packages

Maven / org.apache.nifi:nifi

Package

Name
org.apache.nifi:nifi
View open source insights on deps.dev
Purl
pkg:maven/org.apache.nifi/nifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.4

Affected versions

0.*

0.0.1-incubating
0.0.2-incubating
0.1.0-incubating
0.2.0-incubating
0.2.1
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.7.1
0.7.2
0.7.3

Maven / org.apache.nifi:nifi

Package

Name
org.apache.nifi:nifi
View open source insights on deps.dev
Purl
pkg:maven/org.apache.nifi/nifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.3.0

Affected versions

1.*

1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.2.0