Skip to content

Commit

Permalink
Adding fixed events for apache-nifi (#4966)
Browse files Browse the repository at this point in the history 
* Adding Fixed Advisory GHSA-hh82-3pmq-7frp for apache-nifi

* Adding Fixed Advisory GHSA-hr8g-6v94-x4m9 for apache-nifi

* Adding Fixed Advisory GHSA-mvr2-9pj6-7w5j for apache-nifi

* Adding Fixed Advisory GHSA-wjxj-5m7g-mg7q for apache-nifi

* Adding Fixed Advisory GHSA-rcjc-c4pj-xxrp for apache-nifi

* Adding Fixed Advisory GHSA-5mg8-w23w-74h3 for apache-nifi

* Adding Fixed Advisory GHSA-m44j-cfrm-g8qc for apache-nifi

* Adding Fixed Advisory GHSA-xjp4-hw94-mvp5 for apache-nifi

* Adding Fixed Advisory GHSA-6qvw-249j-h44c for apache-nifi

* Adding Fixed Advisory GHSA-mm8h-8587-p46h for apache-nifi

* Adding Fixed Advisory GHSA-g5ww-5jh7-63cx for apache-nifi

* Adding Fixed Advisory GHSA-h4h5-3hr4-j3g2 for apache-nifi

* Adding Fixed Advisory GHSA-6mjq-h674-j845 for apache-nifi

* Adding Fixed Advisory GHSA-4gg5-vx3j-xwc7 for apache-nifi

* Adding Fixed Advisory GHSA-jjjh-jjxp-wpff for apache-nifi

* Adding Fixed Advisory GHSA-4265-ccf5-phj5 for apache-nifi

* Adding Fixed Advisory GHSA-v435-xc8x-wvr9 for apache-nifi

* Adding Fixed Advisory GHSA-xpw8-rcwv-8f8p for apache-nifi

* Adding Fixed Advisory GHSA-7g45-4rm6-3mm3 for apache-nifi

* Adding Fixed Advisory GHSA-3x8x-79m2-3w2w for apache-nifi

* Adding Fixed Advisory GHSA-77rm-9x9h-xj3g for apache-nifi

* Adding Fixed Advisory GHSA-5jpm-x58v-624v for apache-nifi

* Adding Fixed Advisory GHSA-4wrc-f8pq-fpqp for apache-nifi

* Adding Fixed Advisory GHSA-4g9r-vxhx-9pgx for apache-nifi

* Adding Fixed Advisory GHSA-9w38-p64v-xpmv for apache-nifi

* Adding Fixed Advisory GHSA-fx2c-96vj-985v for apache-nifi

* Adding Fixed Advisory GHSA-8xfc-gm6g-vgpv for apache-nifi

* Adding Fixed Advisory GHSA-288c-cq4h-88gq for apache-nifi

* Adding Fixed Advisory GHSA-wrvw-hg22-4m67 for apache-nifi

* Adding Fixed Advisory GHSA-3j6g-hxx5-3q26 for apache-nifi

* Adding Fixed Advisory GHSA-57j2-w4cx-62h2 for apache-nifi

* Adding Fixed Advisory GHSA-rgv9-q543-rqg4 for apache-nifi

* Adding Fixed Advisory GHSA-4h8f-2wvx-gg5w for apache-nifi

* Adding Fixed Advisory GHSA-gvpg-vgmx-xg6w for apache-nifi

---------

Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
  • Loading branch information
@octo-sts
octo-sts[bot] and octo-sts[bot] committed May 17, 2024
1 parent af5a9e9 commit ac52f1f
Showing 1 changed file with 136 additions and 0 deletions.
136 changes: 136 additions & 0 deletions apache-nifi.advisories.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ advisories:
type: pending-upstream-fix
data:
note: Remediating this CVE will require upgrading from Spring v5 to Spring v6, which is a major version increment with high risk. Awaiting for Upstream to migrate from Spring 5.3.x to 6.x
- timestamp: 2024-05-17T16:32:13Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2018-10237
aliases:
Expand All @@ -45,6 +49,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:02Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2020-25649
aliases:
Expand All @@ -66,6 +74,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:15Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2020-36518
aliases:
Expand All @@ -87,6 +99,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:17Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2020-8908
aliases:
Expand All @@ -108,6 +124,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:03Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2021-22569
aliases:
Expand All @@ -129,6 +149,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:16Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2021-22570
aliases:
Expand All @@ -150,6 +174,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:12Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2021-38153
aliases:
Expand All @@ -171,6 +199,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:17Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2021-46877
aliases:
Expand All @@ -192,6 +224,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:11Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-3171
aliases:
Expand All @@ -213,6 +249,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:07Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-3509
aliases:
Expand All @@ -234,6 +274,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:06Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-3510
aliases:
Expand All @@ -255,6 +299,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:08Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-41881
aliases:
Expand All @@ -276,6 +324,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:14Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-41915
aliases:
Expand All @@ -297,6 +349,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:00Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-42003
aliases:
Expand All @@ -318,6 +374,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:08Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-42004
aliases:
Expand All @@ -339,6 +399,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:18Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2022-46337
aliases:
Expand All @@ -360,6 +424,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:03Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-2976
aliases:
Expand All @@ -381,6 +449,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:10Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-33201
aliases:
Expand All @@ -402,6 +474,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:01Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-33202
aliases:
Expand All @@ -423,6 +499,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:02Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-34462
aliases:
Expand All @@ -444,6 +524,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:07Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-46120
aliases:
Expand All @@ -465,6 +549,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:06Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-51775
aliases:
Expand All @@ -486,6 +574,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:05Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2023-52428
aliases:
Expand All @@ -507,6 +599,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:19Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-25710
aliases:
Expand All @@ -528,6 +624,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:13Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-26308
aliases:
Expand All @@ -549,6 +649,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:09Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-29025
aliases:
Expand All @@ -570,6 +674,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:12Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-29131
aliases:
Expand All @@ -591,6 +699,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:04Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-29133
aliases:
Expand All @@ -612,6 +724,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:14Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-29857
aliases:
Expand All @@ -633,6 +749,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:15Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-30171
aliases:
Expand All @@ -654,6 +774,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:09Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-30172
aliases:
Expand All @@ -675,6 +799,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:04Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: CVE-2024-34447
aliases:
Expand All @@ -696,6 +824,10 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:18Z
type: fixed
data:
fixed-version: 1.26.0-r2

- id: GHSA-xpw8-rcwv-8f8p
events:
Expand All @@ -715,3 +847,7 @@ advisories:
type: pending-upstream-fix
data:
note: This vulnerability exists within a pre-compiled dependency which nifi depends on, and we lack the ability to patch. The upstream maintainers must mitigate this CVE.
- timestamp: 2024-05-17T16:32:10Z
type: fixed
data:
fixed-version: 1.26.0-r2

0 comments on commit ac52f1f

Please sign in to comment.