{"vulnerability": "cve-2021-33191", "sightings": [{"uuid": "4b65ed22-4040-4f60-ba85-525ed5e1dc31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-33191", "type": "seen", "source": "https://t.me/cibsecurity/27763", "content": "\u203c CVE-2021-33191 \u203c\n\nFrom Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an \"agent-update\" command which was designed to patch the application binary. This \"patching\" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a \"c2-update\" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:19.000000Z"}]}