[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
Vendor: The Apache Software Foundation
Apache NiFi 1.0.0
Apache NiFi 1.1.0
Description: There is a cross-site scripting vulnerability in
connection details dialog when accessed by an authorized user. The
user supplied text was not be properly handled when added to the DOM.
1.0.0 users should upgrade to 1.0.1 or 1.1.1.
1.1.0 users should upgrade to 1.1.1. Additional migration guidance
can be found https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance.
Credit: This issue was discovered by Matt Gilman of the Apache NiFi
PMC during a code review.