Apache · Apache Nifi · CVE-2017-5635
**Name of the Vulnerable Software and Affected Versions**
Apache NiFi versions prior to 0.7.2
Apache NiFi versions 1.x prior to 1.1.2
**Description**
The issue arises in a cluster environment when an anonymous user request is replicated to another node. Instead of using the "anonymous" user identity, the system uses the identity of the originating node.
**Recommendations**
For Apache NiFi versions prior to 0.7.2, update to version 0.7.2 or later.
For Apache NiFi versions 1.x prior to 1.1.2, update to version 1.1.2 or later.