CVE-2017-15697
published 2018-01-23CVE-2017-15697: A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| apache | nifi | 1.0.0 – 1.4.0 | — |
| apache_software_foundation | apache_nifi | — | — |
| apache_software_foundation | apache_nifi | — | — |