Update dependency org.apache.logging.log4j:log4j-core to v2.12.4 #27
Security Report
The Security Check found 412 vulnerabilities.
Partial results (47 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2022-42468Path to dependency file: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Dependency Hierarchy: -> ❌ flume-jms-source-1.6.0.jar (Vulnerable Library) |
Critical | 9.8 | flume-jms-source-1.6.0.jar | Upgrade to version: org.apache.flume.flume-ng-sources:flume-jms-source:1.11.0 | None |
CVE-2022-34916Path to dependency file: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Dependency Hierarchy: -> ❌ flume-jms-source-1.6.0.jar (Vulnerable Library) |
Critical | 9.8 | flume-jms-source-1.6.0.jar | Upgrade to version: org.apache.flume.flume-ng-sources:flume-jms-source:1.10.1 | None |
CVE-2022-26612Path to dependency file: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Dependency Hierarchy: -> hadoop-client-2.7.3.jar (Root Library) -> ❌ hadoop-common-2.7.3.jar (Vulnerable Library) |
Critical | 9.8 | hadoop-common-2.7.3.jar | Upgrade to version: org.apache.hadoop:hadoop-common:3.2.3 | None |
CVE-2022-25168Path to dependency file: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Dependency Hierarchy: -> hadoop-client-2.7.3.jar (Root Library) -> ❌ hadoop-common-2.7.3.jar (Vulnerable Library) |
Critical | 9.8 | hadoop-common-2.7.3.jar | Upgrade to version: org.apache.hadoop:hadoop-common:2.10.2,3.2.4,3.3.3;org.apache.hadoop:hadoop-core:2.10.2,3.2.4,3.3.3;org.apache.hadoop:hadoop-client-api:2.10.2,3.2.4,3.3.3 | None |
CVE-2022-25167Path to dependency file: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-flume-bundle/nifi-flume-processors/pom.xml Dependency Hierarchy: -> ❌ flume-jms-source-1.6.0.jar (Vulnerable Library) |
Critical | 9.8 | flume-jms-source-1.6.0.jar | Upgrade to version: org.apache.flume.flume-ng-sources:flume-jms-source:1.10.0 | None |
CVE-2022-23305Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml Dependency Hierarchy: -> nifi-jetty-1.4.0-SNAPSHOT.jar (Root Library) -> nifi-web-security-1.4.0-SNAPSHOT.jar -> nifi-framework-core-1.4.0-SNAPSHOT.jar -> zookeeper-3.4.6.jar -> slf4j-log4j12-1.7.25.jar -> ❌ log4j-1.2.16.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.16.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.2 | None |
CVE-2022-23305Path to dependency file: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Dependency Hierarchy: -> hadoop-client-2.7.3.jar (Root Library) -> hadoop-common-2.7.3.jar -> ❌ log4j-1.2.17.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.17.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.2 | None |
CVE-2022-23221Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml Dependency Hierarchy: -> ❌ h2-1.3.176.jar (Vulnerable Library) |
Critical | 9.8 | h2-1.3.176.jar | Upgrade to version: com.h2database:h2:2.1.210 | None |
CVE-2022-22978Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml Dependency Hierarchy: -> ❌ spring-security-web-4.0.3.RELEASE.jar (Vulnerable Library) |
Critical | 9.8 | spring-security-web-4.0.3.RELEASE.jar | Upgrade to version: org.springframework.security:spring-security-web:5.5.7,5.6.4 | None |
CVE-2022-22965Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml Dependency Hierarchy: -> ❌ spring-beans-4.2.4.RELEASE.jar (Vulnerable Library) |
Critical | 9.8 | spring-beans-4.2.4.RELEASE.jar | Upgrade to version: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18 | None |
CVE-2021-42392Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml Dependency Hierarchy: -> ❌ h2-1.3.176.jar (Vulnerable Library) |
Critical | 9.8 | h2-1.3.176.jar | Upgrade to version: com.h2database:h2:2.0.206 | None |
CVE-2020-9548Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | None |
CVE-2020-9548Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4 | None |
CVE-2020-9547Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | None |
CVE-2020-9547Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | None |
CVE-2020-9546Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | None |
CVE-2020-9546Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.3 | None |
CVE-2020-9493Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml Dependency Hierarchy: -> nifi-jetty-1.4.0-SNAPSHOT.jar (Root Library) -> nifi-web-security-1.4.0-SNAPSHOT.jar -> nifi-framework-core-1.4.0-SNAPSHOT.jar -> zookeeper-3.4.6.jar -> slf4j-log4j12-1.7.25.jar -> ❌ log4j-1.2.16.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.16.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.1 | None |
CVE-2020-9493Path to dependency file: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Dependency Hierarchy: -> hadoop-client-2.7.3.jar (Root Library) -> hadoop-common-2.7.3.jar -> ❌ log4j-1.2.17.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.17.jar | Upgrade to version: ch.qos.reload4j:reload4j:1.2.18.1 | None |
CVE-2020-8840Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 | None |
CVE-2020-8840Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.9.10.3 | None |
CVE-2019-20330Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 | None |
CVE-2019-20330Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2 | None |
CVE-2019-17571Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml Dependency Hierarchy: -> nifi-jetty-1.4.0-SNAPSHOT.jar (Root Library) -> nifi-web-security-1.4.0-SNAPSHOT.jar -> nifi-framework-core-1.4.0-SNAPSHOT.jar -> zookeeper-3.4.6.jar -> slf4j-log4j12-1.7.25.jar -> ❌ log4j-1.2.16.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.16.jar | Upgrade to version: log4j-manual - 1.2.17-16;log4j-javadoc - 1.2.17-16;log4j - 1.2.17-16,1.2.17-16 | None |
CVE-2019-17571Path to dependency file: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml Dependency Hierarchy: -> hadoop-client-2.7.3.jar (Root Library) -> hadoop-common-2.7.3.jar -> ❌ log4j-1.2.17.jar (Vulnerable Library) |
Critical | 9.8 | log4j-1.2.17.jar | Upgrade to version: log4j-manual - 1.2.17-16;log4j-javadoc - 1.2.17-16;log4j - 1.2.17-16,1.2.17-16 | None |
CVE-2019-17531Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: 2.10 | None |
CVE-2019-17531Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: 2.10 | None |
CVE-2019-17267Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 | None |
CVE-2019-17267Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10 | None |
CVE-2019-16943Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | None |
CVE-2019-16943Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | None |
CVE-2019-16942Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | None |
CVE-2019-16942Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10.1 | None |
CVE-2019-16335Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: 2.9.10 | None |
CVE-2019-16335Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: 2.9.10 | None |
CVE-2019-14893Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | None |
CVE-2019-14893Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.10.0 | None |
CVE-2019-14892Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 | None |
CVE-2019-14892Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.7,2.8.11.5,2.9.10 | None |
CVE-2019-14540Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 | None |
CVE-2019-14540Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1 | None |
CVE-2019-14379Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: 2.9.9.2 | None |
CVE-2019-14379Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: 2.9.9.2 | None |
CVE-2019-13990Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml Dependency Hierarchy: -> ❌ quartz-2.2.1.jar (Vulnerable Library) |
Critical | 9.8 | quartz-2.2.1.jar | Upgrade to version: Replace or update the following file: org.quartz-scheduler.internal:quartz-core:2.3.2 | None |
CVE-2019-10202Path to dependency file: /nifi-external/nifi-spark-receiver/pom.xml Path to vulnerable library: /nifi-external/nifi-spark-receiver/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.5.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.5.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | None |
CVE-2019-10202Path to dependency file: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml Path to vulnerable library: /nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml,/nifi-commons/nifi-site-to-site-client/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-commons/nifi-web-utils/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-avro-record-utils/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml Dependency Hierarchy: -> ❌ jackson-mapper-asl-1.9.13.jar (Vulnerable Library) |
Critical | 9.8 | jackson-mapper-asl-1.9.13.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | None |
CVE-2019-10202Path to dependency file: /nifi-mock/pom.xml Path to vulnerable library: /nifi-mock/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml,/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-utils/pom.xml,/nifi-bootstrap/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,/nifi-commons/nifi-expression-language/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml,/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/pom.xml,/nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/pom.xml Dependency Hierarchy: -> ❌ jackson-databind-2.6.1.jar (Vulnerable Library) |
Critical | 9.8 | jackson-databind-2.6.1.jar | Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.0.0 | None |
Total libraries scanned: 416
Scan token: 4ba5e92b381e4a19abd4c1c00c741b6a