nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy LoPresto (Jira)" <j...@apache.org>
Subject [jira] [Deleted] (NIFI-7213) Review CVE listing against dependencies to determine if CVE is relevant
Date Tue, 03 Mar 2020 01:57:00 GMT

     [ https://issues.apache.org/jira/browse/NIFI-7213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andy LoPresto deleted NIFI-7213:
--------------------------------


> Review CVE listing against dependencies to determine if CVE is relevant
> -----------------------------------------------------------------------
>
>                 Key: NIFI-7213
>                 URL: https://issues.apache.org/jira/browse/NIFI-7213
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: XuCongying
>            Priority: Major
>
>  
> Vulnerable Library Version: org.apache.derby : derby : 10.11.1.1
>   CVE ID: [CVE-2015-1832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml,
nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
>   Suggested Safe Versions: 10.12.1.1, 10.13.1.1, 10.14.1.0, 10.14.2.0, 10.15.1.3
>  Vulnerable Library Version: org.eclipse.paho : org.eclipse.paho.client.mqttv3 : 1.2.0
>   CVE ID: [CVE-2019-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11777)
>   Import Path: nifi-nar-bundles/nifi-mqtt-bundle/nifi-mqtt-processors/pom.xml
>   Suggested Safe Versions: 1.2.1, 1.2.2
>  Vulnerable Library Version: com.google.guava : guava : 18.0
>   CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android,
25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android,
27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  Vulnerable Library Version: org.apache.ignite : ignite-spring : 1.6.0
>   CVE ID: [CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
>   Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
>   Suggested Safe Versions: 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.5, 2.7.6
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.3
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-11-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 1.0.2
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-1-0-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.0
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1
>   CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
>   Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.1.1
>   CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.10.0
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8,
3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1,
4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2,
4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.3.1
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8,
3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1,
4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2,
4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.8.1
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8,
3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1,
4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2,
4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.6.0
>   CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
>   Import Path: nifi-bootstrap/pom.xml
>   Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8,
3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1,
4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2,
4.3.0, 4.3.1, 4.4.0
>  Vulnerable Library Version: org.apache.ignite : ignite-core : 1.6.0
>   CVE ID: [CVE-2016-6805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805),
[CVE-2018-8018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8018), [CVE-2018-1295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295),
[CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
>   Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
>   Suggested Safe Versions: 2.6.0, 2.7.0, 2.7.5, 2.7.6
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.8
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
[CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540),
[CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
>   Import Path: nifi-external/nifi-spark-receiver/pom.xml, nifi-commons/nifi-site-to-site-client/pom.xml...(The
rest of the 29 paths is hidden.)
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531)
>   Import Path: nifi-nar-bundles/nifi-easyrules-bundle/nifi-easyrules-service/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.9
>   CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
[CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379),
[CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
>   Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
>  Vulnerable Library Version: org.apache.storm : storm-core : 1.1.1
>   CVE ID: [CVE-2018-8008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8008),
[CVE-2018-1331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1331), [CVE-2019-0202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0202),
[CVE-2018-1332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1332), [CVE-2018-11779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11779)
>   Import Path: nifi-external/nifi-storm-spout/pom.xml
>   Suggested Safe Versions: 2.1.0
>  Vulnerable Library Version: org.apache.mina : mina-core : 2.0.19
>   CVE ID: [CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
>   Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.2.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml, nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.1.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.elasticsearch : elasticsearch : 5.6.16
>   CVE ID: [CVE-2019-7614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
>   Suggested Safe Versions: 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2,
7.6.0
>  Vulnerable Library Version: org.apache.solr : solr-core : 6.6.6
>   CVE ID: [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164)
>   Import Path: nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml
>   Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1,
8.4.0, 8.4.1
>  Vulnerable Library Version: org.apache.poi : poi-ooxml : 4.0.1
>   CVE ID: [CVE-2019-12415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415)
>   Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
>   Suggested Safe Versions: 4.1.1, 4.1.2
>  Vulnerable Library Version: commons-beanutils : commons-beanutils : 1.9.3
>   CVE ID: [CVE-2019-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086),
[CVE-2014-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114)
>   Import Path: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml, nifi-nar-bundles/nifi-hl7-bundle/nifi-hl7-processors/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
>   Suggested Safe Versions: 1.9.4, 20020520, 20021128.082114, 20030211.134440
>  Vulnerable Library Version: xerces : xercesImpl : 2.11.0
>   CVE ID: [CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881),
[CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
>   Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
>   Suggested Safe Versions: 2.12.0
>  Vulnerable Library Version: org.apache.derby : derbynet : 10.11.1.1
>   CVE ID: [CVE-2018-1313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1313)
>   Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
>   Suggested Safe Versions: 10.14.2.0, 10.15.1.3
>  Vulnerable Library Version: org.apache.directory.server : apacheds-all : 2.0.0-M20
>   CVE ID: [CVE-2015-3250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3250)
>   Import Path: nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/pom.xml
>   Suggested Safe Versions: 2.0.0-M21, 2.0.0-M22, 2.0.0-M23, 2.0.0-M24
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.2.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.1.1
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.springframework : spring-web : 4.3.19.RELEASE
>   CVE ID: [CVE-2018-15756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml,
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
>   Suggested Safe Versions: 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE,
4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 5.1.13.RELEASE, 5.2.3.RELEASE
>  Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
>   CVE ID: [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
[CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
>   Import Path: nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
>   Suggested Safe Versions: 3.0alpha2
>  Vulnerable Library Version: org.apache.lucene : lucene-core : 5.3.1
>   CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
>   Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
>   Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4,
6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0,
7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
>  Vulnerable Library Version: org.apache.activemq : activemq-client : 5.15.8
>   CVE ID: [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/pom.xml
>   Suggested Safe Versions: 5.15.10, 5.15.11, 5.15.9
>  Vulnerable Library Version: com.h2database : h2 : 1.4.187
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: com.h2database : h2 : 1.4.192
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: com.h2database : h2 : 1.3.176
>   CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
>   Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
>   Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
>  Vulnerable Library Version: org.apache.kafka : kafka_2.10 : 0.9.0.1
>   CVE ID: [CVE-2018-1288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288)
>   Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-9-processors/pom.xml
>   Suggested Safe Versions: 0.10.2.2



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message