CVE-2018-1310

HIGH

Apache Nifi < 1.6.0 - Insecure Deserialization

Title source: rule

Description

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

References (1)

[Vendor Advisory] https://nifi.apache.org/security.html#CVE-2018-1310

Scores

CVSS v3 7.5

EPSS 0.0184

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

apache/nifi < 1.6.0

org.apache.nifi/nifi < 1.6.0Maven

Timeline

Published May 23, 2018

Tracked Since Feb 18, 2026