Apache NiFi and Apache NiFi Registry are vulnerable to os command injection. The vulnerability exists because the ShellUserGroupProvider
doesn’t properly neutralizes group resolution command elements which allows an attacker to inject and execute arbitrary OS commands on Linux and MacOS platforms.