Skip to main content

Origin Validation Error

CVE-2017-7667

Severity High
Score 7.5/10

Summary

Apache NiFi versions through 0.7.3, and 1.0.0-BETA through 1.2.0 are vulnerable to Origin Validation Error, which needs to establish the response header telling browsers to only allow framing with the same origin.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Advisory Timeline

  • Published