Apache Nifi Minifi C
By the Year
In 2024 there have been 0 vulnerabilities in Apache Nifi Minifi C . Last year Nifi Minifi C had 1 security vulnerability published. Right now, Nifi Minifi C is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.90 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Nifi Minifi C vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Nifi Minifi C Security Vulnerabilities
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14
CVE-2023-41180
5.9 - Medium
- September 03, 2023
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default, when using HTTPS. Mitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.
Improper Certificate Validation
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command
CVE-2021-33191
9.8 - Critical
- August 24, 2021
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Nifi Minifi C or by Apache? Click the Watch button to subscribe.
