Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
org.apache.nifi/nifi-framework-core 1.22.0… | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
org.apache.nifi
nifi-framework-core
1.22.0
nifi-framework-core 1.22.0
org.apache.nifi
Published
Jun 6, 2023
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
87
Versions
87
Vulnerabilities
1
Vulnerabilities
1
Dependencies
38
Dependencies
38
Severity
Critical
(0)
High
(0)
Medium
(1)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
4.9
CVE-2024-52067
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration.
affected
Severity
Medium
Published
Nov 22, 2024