XuCongying created NIFI-7213:
--------------------------------
Summary: Some CVEs in dependencies are threatening your project!
Key: NIFI-7213
URL: https://issues.apache.org/jira/browse/NIFI-7213
Project: Apache NiFi
Issue Type: Bug
Reporter: XuCongying
Your project is at risk due to the use of vulnerable dependencies. I suggest
updating their versions to increase the security of your project. See below for
more details:
Vulnerable Library Version: org.apache.derby : derby : 10.11.1.1
CVE ID:
[CVE-2015-1832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832)
Import Path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml,
nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
Suggested Safe Versions: 10.12.1.1, 10.13.1.1, 10.14.1.0, 10.14.2.0, 10.15.1.3
Vulnerable Library Version: org.eclipse.paho : org.eclipse.paho.client.mqttv3
: 1.2.0
CVE ID:
[CVE-2019-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11777)
Import Path: nifi-nar-bundles/nifi-mqtt-bundle/nifi-mqtt-processors/pom.xml
Suggested Safe Versions: 1.2.1, 1.2.2
Vulnerable Library Version: com.google.guava : guava : 18.0
CVE ID:
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
Vulnerable Library Version: org.apache.ignite : ignite-spring : 1.6.0
CVE ID:
[CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
Import Path:
nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Suggested Safe Versions: 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0,
2.7.5, 2.7.6
Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.3
CVE ID:
[CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
Import Path:
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-11-processors/pom.xml
Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 1.0.2
CVE ID:
[CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
Import Path:
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-1-0-processors/pom.xml
Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.0
CVE ID:
[CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
Import Path:
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/pom.xml
Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1
CVE ID:
[CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521),
[CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1,
3.1.2
Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.1.1
CVE ID:
[CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521),
[CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
Import Path:
nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1,
3.1.2
Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.10.0
CVE ID:
[CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
Import Path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.3.1
CVE ID:
[CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
Import Path:
nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.8.1
CVE ID:
[CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
Import Path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.6.0
CVE ID:
[CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
Import Path: nifi-bootstrap/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
Vulnerable Library Version: org.apache.ignite : ignite-core : 1.6.0
CVE ID:
[CVE-2016-6805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805),
[CVE-2018-8018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8018),
[CVE-2018-1295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295),
[CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686)
Import Path:
nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Suggested Safe Versions: 2.6.0, 2.7.0, 2.7.5, 2.7.6
Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.9.8
CVE ID:
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
[CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
[CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
[CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379),
[CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540),
[CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
Import Path:
nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.9.10.1
CVE ID:
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
Import Path: nifi-external/nifi-spark-receiver/pom.xml,
nifi-commons/nifi-site-to-site-client/pom.xml...(The rest of the 29 paths is
hidden.)
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.9.10
CVE ID:
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531)
Import Path:
nifi-nar-bundles/nifi-easyrules-bundle/nifi-easyrules-service/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.9.9
CVE ID:
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
[CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
[CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379),
[CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540),
[CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
Vulnerable Library Version: org.apache.storm : storm-core : 1.1.1
CVE ID:
[CVE-2018-8008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8008),
[CVE-2018-1331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1331),
[CVE-2019-0202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0202),
[CVE-2018-1332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1332),
[CVE-2018-11779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11779)
Import Path: nifi-external/nifi-storm-spout/pom.xml
Suggested Safe Versions: 2.1.0
Vulnerable Library Version: org.apache.mina : mina-core : 2.0.19
CVE ID:
[CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
Import Path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core :
1.2.1
CVE ID:
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml,
nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0,
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core :
1.1.1
CVE ID:
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
Import Path:
nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0,
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
Vulnerable Library Version: org.elasticsearch : elasticsearch : 5.6.16
CVE ID:
[CVE-2019-7614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614)
Import Path:
nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
Suggested Safe Versions: 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0,
7.5.1, 7.5.2, 7.6.0
Vulnerable Library Version: org.apache.solr : solr-core : 6.6.6
CVE ID:
[CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164)
Import Path: nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml
Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0,
8.3.0, 8.3.1, 8.4.0, 8.4.1
Vulnerable Library Version: org.apache.poi : poi-ooxml : 4.0.1
CVE ID:
[CVE-2019-12415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415)
Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
Suggested Safe Versions: 4.1.1, 4.1.2
Vulnerable Library Version: commons-beanutils : commons-beanutils : 1.9.3
CVE ID:
[CVE-2019-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086),
[CVE-2014-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114)
Import Path: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml,
nifi-nar-bundles/nifi-hl7-bundle/nifi-hl7-processors/pom.xml,
nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
Suggested Safe Versions: 1.9.4, 20020520, 20021128.082114, 20030211.134440
Vulnerable Library Version: xerces : xercesImpl : 2.11.0
CVE ID:
[CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881),
[CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml
Suggested Safe Versions: 2.12.0
Vulnerable Library Version: org.apache.derby : derbynet : 10.11.1.1
CVE ID:
[CVE-2018-1313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1313)
Import Path:
nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
Suggested Safe Versions: 10.14.2.0, 10.15.1.3
Vulnerable Library Version: org.apache.directory.server : apacheds-all :
2.0.0-M20
CVE ID:
[CVE-2015-3250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3250)
Import Path:
nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/pom.xml
Suggested Safe Versions: 2.0.0-M21, 2.0.0-M22, 2.0.0-M23, 2.0.0-M24
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming
: 1.2.1
CVE ID:
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml
Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0,
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming
: 1.1.1
CVE ID:
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
Import Path:
nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml
Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0,
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
Vulnerable Library Version: org.springframework : spring-web : 4.3.19.RELEASE
CVE ID:
[CVE-2018-15756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756)
Import Path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml,
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
Suggested Safe Versions: 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE,
4.3.23.RELEASE, 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE,
5.1.13.RELEASE, 5.2.3.RELEASE
Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
CVE ID:
[CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
[CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783),
[CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
Import Path: nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml
Suggested Safe Versions: 3.0alpha2
Vulnerable Library Version: org.apache.lucene : lucene-core : 5.3.1
CVE ID:
[CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
Import Path:
nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
8.3.1, 8.4.0, 8.4.1
Vulnerable Library Version: org.apache.activemq : activemq-client : 5.15.8
CVE ID:
[CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
Import Path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/pom.xml
Suggested Safe Versions: 5.15.10, 5.15.11, 5.15.9
Vulnerable Library Version: com.h2database : h2 : 1.4.187
CVE ID:
[CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
Import Path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml,
nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml
Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
Vulnerable Library Version: com.h2database : h2 : 1.4.192
CVE ID:
[CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
Import Path:
nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml
Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
Vulnerable Library Version: com.h2database : h2 : 1.3.176
CVE ID:
[CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054),
[CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
Import Path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml,
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200
Vulnerable Library Version: org.apache.kafka : kafka_2.10 : 0.9.0.1
CVE ID:
[CVE-2018-1288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288)
Import Path:
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-9-processors/pom.xml
Suggested Safe Versions: 0.10.2.2
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
