You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Albert Baker (JIRA)" <ji...@apache.org> on 2019/01/15 15:44:00 UTC

[jira] [Created] (NIFI-5957) 74 high severity CVEs in nifi 1.8.0 - third party dependency libraries

Albert Baker created NIFI-5957:
----------------------------------

             Summary: 74 high severity CVEs in nifi 1.8.0 - third party dependency libraries
                 Key: NIFI-5957
                 URL: https://issues.apache.org/jira/browse/NIFI-5957
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework, Security
    Affects Versions: 1.7.1, 1.8.0, 1.7.0, 1.6.0, 1.5.0
         Environment: Inserted OWASP Dependency Check plugin into nifi pom.xml & ran report
            Reporter: Albert Baker


There are 74 High severity CVEs in nifi 1.8.0 according to OWASP Dependency check.

There is a possibility of a few false positives with this report, /but/ there is the commons-collections:commons-collections:3.2.1 issue which there is proof-of-concept exploit code out for for three years.    These dependencies need to be cleaned up.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)