High
Apache NiFi could allow a remote attacker to execute arbitrary code on the system, caused by improper access control in the NiFi API. By sending a specially crafted request to create an ExecuteProcess processor, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Apache
Apache NiFi 1.12.1
Refer to the PoC for more details.
https://packetstormsecurity.com/files/160260/Apache-NiFi-API-Remote-Code-Execution.html
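
The description above centres on an ExecuteProcess processor being created through the API. The following audit sketch is an added example, not code from the advisory or from the NiFi project: it lists every ExecuteProcess processor in a flow definition so an operator can review any they did not create. The flow.xml layout, the fully qualified class name and the sample flow are assumptions constructed for illustration.

```python
import gzip
import xml.etree.ElementTree as ET

# Fully qualified name of the processor the advisory mentions (assumption).
EXEC_CLASS = "org.apache.nifi.processors.standard.ExecuteProcess"

# Constructed sample flow definition; ids, names and commands are made up.
SAMPLE_FLOW = b"""<flowController>
  <rootGroup>
    <processor>
      <id>proc-0001</id><name>GenerateFlowFile</name>
      <class>org.apache.nifi.processors.standard.GenerateFlowFile</class>
    </processor>
    <processGroup>
      <processor>
        <id>proc-0002</id><name>unexpected</name>
        <class>org.apache.nifi.processors.standard.ExecuteProcess</class>
        <property><name>Command</name><value>/usr/bin/id</value></property>
        <property><name>Command Arguments</name><value>-u</value></property>
      </processor>
    </processGroup>
  </rootGroup>
</flowController>"""


def find_execute_processors(flow_bytes):
    """Return one dict per ExecuteProcess processor, at any nesting depth."""
    if flow_bytes[:2] == b"\x1f\x8b":  # gzip magic: file is stored compressed
        flow_bytes = gzip.decompress(flow_bytes)
    root = ET.fromstring(flow_bytes)
    findings = []
    for proc in root.iter("processor"):  # iter() also walks nested process groups
        if (proc.findtext("class") or "").strip() != EXEC_CLASS:
            continue
        props = {p.findtext("name"): p.findtext("value")
                 for p in proc.findall("property")}
        findings.append({
            "id": proc.findtext("id"),
            "name": proc.findtext("name"),
            "command": props.get("Command"),
            "arguments": props.get("Command Arguments"),
        })
    return findings


if __name__ == "__main__":
    for f in find_execute_processors(SAMPLE_FLOW):
        print(f"review {f['id']} ({f['name']}): {f['command']} {f['arguments']}")
```

Run it against a copy of the instance's own flow definition and compare the reported ids with the processors the flow's owners expect to exist.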