Posted to issues@nifi.apache.org by "Joe Witt (Jira)" <ji...@apache.org> on 2020/03/01 15:09:00 UTC

[jira] [Commented] (NIFI-7213) Review CVE listing against dependencies to determine if CVE is relevant

    [ https://issues.apache.org/jira/browse/NIFI-7213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17048598#comment-17048598 ] 

Joe Witt commented on NIFI-7213:
--------------------------------

This kind of scripted JIRA is not only unhelpful, it is counterproductive, and it violates our and the ASF security reporting processes. A library having a reported CVE doesn't mean it is unsafe for all uses. It takes real effort and understanding to review these and this does occur.


> Review CVE listing against dependencies to determine if CVE is relevant
> -----------------------------------------------------------------------
>
>                 Key: NIFI-7213
>                 URL: https://issues.apache.org/jira/browse/NIFI-7213
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: XuCongying
>            Priority: Major
>
>  
> Vulnerable Library Version: org.apache.derby : derby : 10.11.1.1
>   CVE ID: [CVE-2015-1832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml, nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
>   Suggested Safe Versions: 10.12.1.1, 10.13.1.1, 10.14.1.0, 10.14.2.0, 10.15.1.3
>  Vulnerable Library Version: org.eclipse.paho : org.eclipse.paho.client.mqttv3 : 1.2.0
>   CVE ID: [CVE-2019-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11777)
>   Import Path: nifi-nar-bundles/nifi-mqtt-bundle/nifi-mqtt-processors/pom.xml
>   Suggested Safe Versions: 1.2.1, 1.2.2
>  Vulnerable Library Version: com.google.guava : guava : 18.0
>   CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  Vulnerable Library Version: org.apache.ignite : ignite-spring : 1.6.0
>   CVE ID: [CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
>   Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
>   Suggested Safe Versions: 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.5, 2.7.6
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.3
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-11-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 1.0.2
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-1-0-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.0
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1
>   CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
>   Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.1.1
>   CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.10.0
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.3.1
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.8.1
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.6.0
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-bootstrap/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: org.apache.ignite : ignite-core : 1.6.0
>   CVE ID: [CVE-2016-6805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805), [CVE-2018-8018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8018), [CVE-2018-1295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295), [CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
>   Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
>   Suggested Safe Versions: 2.6.0, 2.7.0, 2.7.5, 2.7.6
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.8
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
>   Import Path: nifi-external/nifi-spark-receiver/pom.xml, nifi-commons/nifi-site-to-site-client/pom.xml...(The rest of the 29 paths is hidden.)
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531)
>   Import Path: nifi-nar-bundles/nifi-easyrules-bundle/nifi-easyrules-service/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.9
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
>   Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: org.apache.storm : storm-core : 1.1.1
>   CVE ID: [CVE-2018-8008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8008), [CVE-2018-1331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1331), [CVE-2019-0202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0202), [CVE-2018-1332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1332), [CVE-2018-11779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11779)
>   Import Path: nifi-external/nifi-storm-spout/pom.xml
>   Suggested Safe Versions: 2.1.0
>  Vulnerable Library Version: org.apache.mina : mina-core : 2.0.19
>   CVE ID: [CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
>   Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.2.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml, nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.1.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.elasticsearch : elasticsearch : 5.6.16
>   CVE ID: [CVE-2019-7614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
>   Suggested Safe Versions: 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 7.6.0
>  Vulnerable Library Version: org.apache.solr : solr-core : 6.6.6
>   CVE ID: [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164)
>   Import Path: nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml
>   Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
>  Vulnerable Library Version: org.apache.poi : poi-ooxml : 4.0.1
>   CVE ID: [CVE-2019-12415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415)
>   Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
>   Suggested Safe Versions: 4.1.1, 4.1.2
>  Vulnerable Library Version: commons-beanutils : commons-beanutils : 1.9.3
>   CVE ID: [CVE-2019-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086), [CVE-2014-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114)
>   Import Path: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml, nifi-nar-bundles/nifi-hl7-bundle/nifi-hl7-processors/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
>   Suggested Safe Versions: 1.9.4, 20020520, 20021128.082114, 20030211.134440
>  Vulnerable Library Version: xerces : xercesImpl : 2.11.0
>   CVE ID: [CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881), [CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
>   Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
>   Suggested Safe Versions: 2.12.0
>  Vulnerable Library Version: org.apache.derby : derbynet : 10.11.1.1
>   CVE ID: [CVE-2018-1313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1313)
>   Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
>   Suggested Safe Versions: 10.14.2.0, 10.15.1.3
>  Vulnerable Library Version: org.apache.directory.server : apacheds-all : 2.0.0-M20
>   CVE ID: [CVE-2015-3250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3250)
>   Import Path: nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/pom.xml
>   Suggested Safe Versions: 2.0.0-M21, 2.0.0-M22, 2.0.0-M23, 2.0.0-M24
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.2.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.1.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.springframework : spring-web : 4.3.19.RELEASE
>   CVE ID: [CVE-2018-15756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml, nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
>   Suggested Safe Versions: 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 5.1.13.RELEASE, 5.2.3.RELEASE
>  Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
>   CVE ID: [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577), [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
>   Import Path: nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
>   Suggested Safe Versions: 3.0alpha2
>  Vulnerable Library Version: org.apache.lucene : lucene-core : 5.3.1
>   CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
>   Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
>  Vulnerable Library Version: org.apache.activemq : activemq-client : 5.15.8
>   CVE ID: [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/pom.xml
>   Suggested Safe Versions: 5.15.10, 5.15.11, 5.15.9
>  Vulnerable Library Version: com.h2database : h2 : 1.4.187
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: com.h2database : h2 : 1.4.192
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: com.h2database : h2 : 1.3.176
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml, nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: org.apache.kafka : kafka_2.10 : 0.9.0.1
>   CVE ID: [CVE-2018-1288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-9-processors/pom.xml
>   Suggested Safe Versions: 0.10.2.2


