CVE-2018-17193: Cross-site Scripting

December 19, 2018 (updated February 7, 2019)

The error page reflects the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a XSS attack.

References

nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2018-17193

Code Behaviors & Features

Detect and mitigate CVE-2018-17193 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →