GHSA-pqhq-xx62-2v2p

Source

https://github.com/advisories/GHSA-pqhq-xx62-2v2p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-pqhq-xx62-2v2p/GHSA-pqhq-xx62-2v2p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pqhq-xx62-2v2p

Aliases

CVE-2020-1933

Published

2022-01-06T20:35:39Z

Modified

2023-11-08T04:02:45.993028Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Apache NiFi

Details

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Database specific

{
    "nvd_published_at": "2020-01-28T01:15:00Z",
    "github_reviewed_at": "2021-03-26T22:28:03Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.nifi:nifi

Package

Name: org.apache.nifi:nifi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.nifi/nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.11.0

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.7.1

1.8.0

1.9.0

1.9.1

1.9.2

1.10.0

Database specific

{
    "last_known_affected_version_range": "<= 1.10.0"
}