CVE-2017-5636: Injection Vulnerability

October 19, 2017 (updated November 7, 2017)

The proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.

References

www.securityfocus.com/bid/96731
nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2017-5636

Code Behaviors & Features

Detect and mitigate CVE-2017-5636 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →