[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
Jan 16 2017 07:25PM
Joe Witt (joewitt apache org)
CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
Vendor: The Apache Software Foundation
Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0
Description: There is a cross-site scripting vulnerability in the
connection details dialog when accessed by an authorized user. The
user-supplied text was not properly handled when added to the DOM.
Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1.
1.1.0 users should upgrade to 1.1.1. Additional migration guidance
can be found at https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance.
Credit: This issue was discovered by Matt Gilman of the Apache NiFi
PMC during a code review.
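
The bug class described above (user-supplied text added to the DOM without proper handling), shown as an added example that is not part of the advisory and is not NiFi's code. The field names, markup and sample values are hypothetical; in browser code, assigning through `textContent` achieves the same result as the escaping shown here.

```javascript
// Added illustration; field names and markup are hypothetical, not NiFi's code.

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak pattern: user-supplied fields concatenated straight into markup.
function renderDetailsUnsafe(conn) {
  return '<div class="details">' +
    '<span class="name">' + conn.name + '</span>' +
    '<span class="source" title="' + conn.source + '">' + conn.source + '</span>' +
    '</div>';
}

// Hardened pattern: every user-supplied field is escaped, which is safe in
// both element-content and quoted-attribute positions.
function renderDetailsSafe(conn) {
  const name = escapeHtml(conn.name);
  const source = escapeHtml(conn.source);
  return '<div class="details">' +
    '<span class="name">' + name + '</span>' +
    '<span class="source" title="' + source + '">' + source + '</span>' +
    '</div>';
}

// Regression check: the template itself contains exactly three opening tags
// (div, span, span). Any extra tag came from user data.
function countOpenTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: a name carrying markup, and a source value that
// tries to close the title attribute and add one of its own.
const sample = { name: '<b>queue</b>', source: 'GenerateFlowFile" data-x="1' };

console.log('unsafe tags:', countOpenTags(renderDetailsUnsafe(sample)));
console.log('safe tags:  ', countOpenTags(renderDetailsSafe(sample)));
console.log(renderDetailsSafe(sample));
```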