{"id":"CVE-2018-17192","details":"The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.","aliases":["GHSA-2xpp-75vr-22vq"],"modified":"2026-04-10T04:06:56.173288Z","published":"2018-12-19T14:29:00.347Z","references":[{"type":"ADVISORY","url":"https://nifi.apache.org/security.html#CVE-2018-17192"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/nifi","events":[{"introduced":"74d5224783dfdc513f6b3ad5ed96671d3c581707"},{"last_affected":"f8466cb16d6723ddc3bf5f0e7f8ce8a47d27cbe5"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"1.6.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}