| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.nifi:nifi-cdc-mysql-bundle | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-jms-processors | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-standard-processors | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-dbcp-service | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-hikari-dbcp-service | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-hadoop-dbcp-service | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-hbase_2-client-service | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
| org.apache.nifi:nifi-record-serialization-services | maven | >= 0.0.2, < 1.23.0 | 1.23.0 |
The vulnerability stems from components that accept HTTP URL references for resource loading. The fix commit adds `@Restricted` annotations with `RequiredPermission.REFERENCE_REMOTE_RESOURCES` to these classes, which indicates that they previously let a user without that permission configure remote resources. Each modified class maps to one of the affected packages listed above and exposes properties that accept HTTP URLs for drivers, schemas, or patterns; loading a malicious resource from such a URL can lead to code execution.
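To make the fix mechanism concrete, below is an added illustration (not code from Apache NiFi or from the fix commit) of a hypothetical processor, `FetchWithRemoteDriver`, that exposes a property accepting a driver location as a file path or HTTP URL. The class-level `@Restricted` annotation with `RequiredPermission.REFERENCE_REMOTE_RESOURCES` is the NiFi framework mechanism the advisory describes: once present, the framework refuses to instantiate the component for users who have not been granted the corresponding restricted-component policy. The processor name, property name and explanation text are assumptions; the annotation, permission enum and `PropertyDescriptor` builder calls are NiFi framework API.

```java
import org.apache.nifi.annotation.behavior.Restricted;
import org.apache.nifi.annotation.behavior.Restriction;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.RequiredPermission;
import org.apache.nifi.components.resource.ResourceCardinality;
import org.apache.nifi.components.resource.ResourceType;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;

import java.util.Collections;
import java.util.List;

/**
 * Hypothetical processor used only to illustrate the hardening pattern.
 *
 * Before the fix, a class like this carried no @Restricted annotation, so any
 * user able to create the processor could point DRIVER_LOCATION at an
 * arbitrary HTTP URL and have the framework load code from it.
 *
 * With the annotation below, NiFi requires the user to hold the
 * "reference remote resources" restricted-component permission before the
 * processor can be added to a flow. The property itself is unchanged; the
 * control is enforced by the framework at authorization time.
 */
@Tags({"example", "restricted"})
@CapabilityDescription("Illustrative processor that loads a driver from a local or remote location.")
@Restricted(
    restrictions = {
        @Restriction(
            requiredPermission = RequiredPermission.REFERENCE_REMOTE_RESOURCES,
            // Assumed explanation text; in NiFi it is shown to administrators
            // when they review which restricted permissions a component needs.
            explanation = "Driver Location can reference resources over HTTP, "
                + "so a user could direct the processor to load remote code."
        )
    }
)
public class FetchWithRemoteDriver extends AbstractProcessor {

    // Property that accepts either a local file or a URL. The
    // identifiesExternalResource() call is what marks it as a resource
    // reference; ResourceType.URL is the case the advisory is about.
    public static final PropertyDescriptor DRIVER_LOCATION = new PropertyDescriptor.Builder()
        .name("driver-location")
        .displayName("Driver Location")
        .description("Path or URL of the driver to load.")
        .required(true)
        .identifiesExternalResource(ResourceCardinality.SINGLE, ResourceType.FILE, ResourceType.URL)
        .build();

    @Override
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return Collections.singletonList(DRIVER_LOCATION);
    }

    @Override
    public void onTrigger(final ProcessContext context, final ProcessSession session) throws ProcessException {
        // Resource loading itself is out of scope for this illustration; the
        // point is that reaching this code already required the restricted
        // permission granted to the configuring user.
        final String location = context.getProperty(DRIVER_LOCATION).getValue();
        getLogger().info("Would load driver from {}", location);
    }
}
```

Operationally, the annotation is only a gate if the NiFi instance is running with authorization enabled: on an unsecured, single-user or anonymous deployment every user effectively holds all permissions, so upgrading to a patched version (1.23.0 or later for the packages in the table) should be paired with a review of who holds the "reference remote resources" restricted-component policy.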