CVE-2017-12632
published 2018-01-23CVE-2017-12632: A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to…
high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | <= 1.4.0 | — |
| apache | nifi | — | — |
| apache_software_foundation | apache_nifi | — | — |
| apache_software_foundation | apache_nifi | — | — |