CVE-2018-17194: Improper Input Validation

December 19, 2018 (updated July 19, 2023)

When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout.

References

github.com/apache/nifi/pull/3035
issues.apache.org/jira/browse/NIFI-5628
nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2018-17194

Detect and mitigate CVE-2018-17194 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →