CVE-2017-7665: XSS
First published: Mon Jun 12 2017(Updated: )
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache NiFi | <=0.7.3 | |
| Apache NiFi | =1.0.0 | |
| Apache NiFi | =1.0.1 | |
| Apache NiFi | =1.1.0 | |
| Apache NiFi | =1.1.1 | |
| Apache NiFi | =1.1.2 | |
| Apache NiFi | =1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7665?
The severity of CVE-2017-7665 is classified as Medium due to its potential to allow cross-site scripting (XSS) attacks.
How do I fix CVE-2017-7665?
To fix CVE-2017-7665, upgrade Apache NiFi to version 1.3.0 or later.
What versions of Apache NiFi are affected by CVE-2017-7665?
Apache NiFi versions before 0.7.4 and 1.x versions prior to 1.3.0 are affected by CVE-2017-7665.
What type of vulnerability is CVE-2017-7665?
CVE-2017-7665 is a cross-site scripting (XSS) vulnerability affecting Apache NiFi.
Is user input in Apache NiFi's UI safe in versions before the patch for CVE-2017-7665?
No, user input in Apache NiFi's UI is not safe in versions before the patch for CVE-2017-7665 due to insufficient guarding against XSS.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache nifi
- version/apache nifi/0.7.3
- version/apache nifi/1.0.0
- version/apache nifi/1.0.1
- version/apache nifi/1.1.0
- version/apache nifi/1.1.1
- version/apache nifi/1.1.2
- version/apache nifi/1.2.0