CVE-2022-33140HIGHCVSS 8.8≥ up to 1.16.2, ≤ 1.16.2·≥ 0.6.0, < 0.6.0*2022-06-15
CVE-2022-33140 [HIGH] CWE-78 CVE-2022-33140: The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 t
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellU
cvelistv5nvd