You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Albert Baker (JIRA)" <ji...@apache.org> on 2019/01/15 15:44:00 UTC
[jira] [Created] (NIFI-5957) 74 high severity CVEs in nifi 1.8.0 -
third party dependency libraries
Albert Baker created NIFI-5957:
----------------------------------
Summary: 74 high severity CVEs in nifi 1.8.0 - third party dependency libraries
Key: NIFI-5957
URL: https://issues.apache.org/jira/browse/NIFI-5957
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework, Security
Affects Versions: 1.7.1, 1.8.0, 1.7.0, 1.6.0, 1.5.0
Environment: Inserted OWASP Dependency Check plugin into nifi pom.xml & ran report
Reporter: Albert Baker
There are 74 High severity CVEs in nifi 1.8.0 according to OWASP Dependency check.
There is a possibility of a few false positives with this report, /but/ there is the commons-collections:commons-collections:3.2.1 issue which there is proof-of-concept exploit code out for for three years. These dependencies need to be cleaned up.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)