Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi@0.4.1

Type maven

Namespace org.apache.nifi

Name nifi

Version 0.4.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.24.0

Latest_non_vulnerable_version 1.24.0

Affected_by_vulnerabilities

url VCID-3eka-p4cs-f3dz

vulnerability_id VCID-3eka-p4cs-f3dz

summary

Apache NiFi vulnerable to Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

references

reference_url

http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34468

reference_id

reference_type

scores

value	0.77205
scoring_system	epss
scoring_elements	0.98975
published_at	2026-04-21T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98965
published_at	2026-04-02T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98967
published_at	2026-04-04T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98969
published_at	2026-04-07T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98971
published_at	2026-04-09T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98972
published_at	2026-04-12T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98973
published_at	2026-04-13T12:55:00Z

value	0.77205
scoring_system	epss
scoring_elements	0.98974
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34468

reference_url

https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361

reference_url

https://github.com/apache/nifi/pull/7349

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/pull/7349

reference_url

https://issues.apache.org/jira/browse/NIFI-11653

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-11653

reference_url

https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8

reference_url

https://nifi.apache.org/security.html#CVE-2023-34468

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://nifi.apache.org/security.html#CVE-2023-34468

reference_url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_url

http://www.openwall.com/lists/oss-security/2023/06/12/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

http://www.openwall.com/lists/oss-security/2023/06/12/3

reference_url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/

reference_id

apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34468

reference_id

CVE-2023-34468

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34468

reference_url

https://github.com/advisories/GHSA-xm2m-2q6h-22jw

reference_id

GHSA-xm2m-2q6h-22jw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xm2m-2q6h-22jw

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.22.0

purl pkg:maven/org.apache.nifi/nifi@1.22.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-ues1-6z47-q7hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0

aliases CVE-2023-34468, GHSA-xm2m-2q6h-22jw

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eka-p4cs-f3dz

url VCID-4fnm-bxv8-vqhz

vulnerability_id VCID-4fnm-bxv8-vqhz

summary

Cross-site Scripting
In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8748

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61025
published_at	2026-04-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61109
published_at	2026-04-21T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61125
published_at	2026-04-18T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61119
published_at	2026-04-16T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61077
published_at	2026-04-13T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61096
published_at	2026-04-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.60953
published_at	2026-04-01T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.6111
published_at	2026-04-11T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61089
published_at	2026-04-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.6103
published_at	2026-04-02T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61073
published_at	2026-04-08T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61059
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8748

reference_url

https://nifi.apache.org/security.html#CVE-2016-8748

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2016-8748

reference_url

http://www.securityfocus.com/bid/95621

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95621

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::
reference_id	cpe:2.3:a:apache:nifi::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.1.0:::::::*
reference_id	cpe:2.3:a:apache:nifi:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.1.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8748

reference_id

CVE-2016-8748

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8748

reference_url

https://github.com/advisories/GHSA-g2fm-x3cp-mqw9

reference_id

GHSA-g2fm-x3cp-mqw9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g2fm-x3cp-mqw9

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.0.1

purl pkg:maven/org.apache.nifi/nifi@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-3rp1-pc25-euhm

vulnerability	VCID-4fnm-bxv8-vqhz

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-r9su-47z6-x7cw

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rjau-hbsn-u3ah

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-tnfn-2kzc-rugx

vulnerability	VCID-w18h-3c8s-s3eq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.1

url pkg:maven/org.apache.nifi/nifi@1.1.1

purl pkg:maven/org.apache.nifi/nifi@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hne-dn7f-4yfy

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-3rp1-pc25-euhm

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-r9su-47z6-x7cw

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rjau-hbsn-u3ah

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-tnfn-2kzc-rugx

vulnerability	VCID-w18h-3c8s-s3eq

vulnerability	VCID-xv8d-3nef-dygg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1

aliases CVE-2016-8748, GHSA-g2fm-x3cp-mqw9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fnm-bxv8-vqhz

url VCID-bpqd-tx8f-kycf

vulnerability_id VCID-bpqd-tx8f-kycf

summary

Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29265

reference_id

reference_type

scores

value	0.0212
scoring_system	epss
scoring_elements	0.84164
published_at	2026-04-21T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84098
published_at	2026-04-04T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.841
published_at	2026-04-07T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84123
published_at	2026-04-08T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84129
published_at	2026-04-09T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84146
published_at	2026-04-11T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84141
published_at	2026-04-12T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84136
published_at	2026-04-13T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84159
published_at	2026-04-16T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.8416
published_at	2026-04-18T12:55:00Z

value	0.0212
scoring_system	epss
scoring_elements	0.84081
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29265

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl

reference_url

https://nifi.apache.org/security.html#CVE-2022-29265

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2022-29265

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29265

reference_id

CVE-2022-29265

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29265

reference_url

https://github.com/advisories/GHSA-wc97-7623-rxwx

reference_id

GHSA-wc97-7623-rxwx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wc97-7623-rxwx

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.16.1

purl pkg:maven/org.apache.nifi/nifi@1.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4uja-72yx-6qdc

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-xhjy-xmhq-abh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1

aliases CVE-2022-29265, GHSA-wc97-7623-rxwx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpqd-tx8f-kycf

url VCID-j263-1hyr-t7hn

vulnerability_id VCID-j263-1hyr-t7hn

summary

Deserialization of Untrusted Data
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1310

reference_id

reference_type

scores

value	0.0184
scoring_system	epss
scoring_elements	0.82994
published_at	2026-04-21T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82939
published_at	2026-04-08T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-09T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82961
published_at	2026-04-11T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82956
published_at	2026-04-12T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82952
published_at	2026-04-13T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82991
published_at	2026-04-16T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.8299
published_at	2026-04-18T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82888
published_at	2026-04-01T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82905
published_at	2026-04-02T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82917
published_at	2026-04-04T12:55:00Z

value	0.0184
scoring_system	epss
scoring_elements	0.82913
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1310

reference_url

https://nifi.apache.org/security.html#CVE-2018-1310

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2018-1310

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::
reference_id	cpe:2.3:a:apache:nifi::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1310

reference_id

CVE-2018-1310

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1310

reference_url

https://github.com/advisories/GHSA-p76j-5v6v-6c22

reference_id

GHSA-p76j-5v6v-6c22

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p76j-5v6v-6c22

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.6.0

purl pkg:maven/org.apache.nifi/nifi@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4v3d-ugqf-uyag

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-yrgr-3cv3-b3ff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.6.0

aliases CVE-2018-1310, GHSA-p76j-5v6v-6c22

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j263-1hyr-t7hn

url VCID-k1bm-1u7b-vybp

vulnerability_id VCID-k1bm-1u7b-vybp

summary

Improper Input Validation
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12632

reference_id

reference_type

scores

value	0.0053
scoring_system	epss
scoring_elements	0.67262
published_at	2026-04-21T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67265
published_at	2026-04-09T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67284
published_at	2026-04-11T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.6727
published_at	2026-04-16T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67235
published_at	2026-04-13T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67282
published_at	2026-04-18T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67162
published_at	2026-04-01T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.672
published_at	2026-04-07T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67224
published_at	2026-04-04T12:55:00Z

value	0.0053
scoring_system	epss
scoring_elements	0.67251
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12632

reference_url

https://nifi.apache.org/security.html#CVE-2017-12632

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2017-12632

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12632

reference_id

CVE-2017-12632

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12632

reference_url

https://github.com/advisories/GHSA-w4x6-j349-9r57

reference_id

GHSA-w4x6-j349-9r57

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w4x6-j349-9r57

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.5.0

purl pkg:maven/org.apache.nifi/nifi@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4v3d-ugqf-uyag

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-yrgr-3cv3-b3ff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0

aliases CVE-2017-12632, GHSA-w4x6-j349-9r57

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bm-1u7b-vybp

url VCID-r9su-47z6-x7cw

vulnerability_id VCID-r9su-47z6-x7cw

summary

Origin Validation Error
Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7667

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60232
published_at	2026-04-21T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60193
published_at	2026-04-08T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60207
published_at	2026-04-09T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60228
published_at	2026-04-11T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60215
published_at	2026-04-12T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60197
published_at	2026-04-13T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60237
published_at	2026-04-16T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60244
published_at	2026-04-18T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60071
published_at	2026-04-01T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60149
published_at	2026-04-02T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60174
published_at	2026-04-04T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60143
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7667

reference_url

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E

reference_url

http://www.securityfocus.com/bid/99018

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/99018

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7667

reference_id

CVE-2017-7667

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7667

reference_url

https://github.com/advisories/GHSA-jvx9-rj3w-jq99

reference_id

GHSA-jvx9-rj3w-jq99

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jvx9-rj3w-jq99

fixed_packages

url pkg:maven/org.apache.nifi/nifi@0.7.4

purl pkg:maven/org.apache.nifi/nifi@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4fnm-bxv8-vqhz

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4

url pkg:maven/org.apache.nifi/nifi@1.3.0

purl pkg:maven/org.apache.nifi/nifi@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-3rp1-pc25-euhm

vulnerability	VCID-4v3d-ugqf-uyag

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rjau-hbsn-u3ah

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-w18h-3c8s-s3eq

vulnerability	VCID-yrgr-3cv3-b3ff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0

aliases CVE-2017-7667, GHSA-jvx9-rj3w-jq99

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9su-47z6-x7cw

url VCID-rn4r-36ab-sfey

vulnerability_id VCID-rn4r-36ab-sfey

summary

Exposure of Sensitive Information to an Unauthorized Actor
In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44145

reference_id

reference_type

scores

value	0.00315
scoring_system	epss
scoring_elements	0.54612
published_at	2026-04-21T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54625
published_at	2026-04-08T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.5462
published_at	2026-04-09T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54633
published_at	2026-04-11T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54616
published_at	2026-04-12T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54595
published_at	2026-04-13T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54632
published_at	2026-04-16T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54634
published_at	2026-04-18T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54509
published_at	2026-04-01T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54581
published_at	2026-04-02T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54605
published_at	2026-04-04T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54574
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44145

reference_url

https://nifi.apache.org/security.html#1.15.1-vulnerabilities

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#1.15.1-vulnerabilities

reference_url

http://www.openwall.com/lists/oss-security/2021/12/17/1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/17/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-44145

reference_id

CVE-2021-44145

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44145

reference_url

https://github.com/advisories/GHSA-rq96-qhc5-vm4r

reference_id

GHSA-rq96-qhc5-vm4r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rq96-qhc5-vm4r

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.15.1

purl pkg:maven/org.apache.nifi/nifi@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4uja-72yx-6qdc

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-dmw5-6pw6-j3d6

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-xhjy-xmhq-abh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1

aliases CVE-2021-44145, GHSA-rq96-qhc5-vm4r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn4r-36ab-sfey

url VCID-rv8f-q4a4-xqbk

vulnerability_id VCID-rv8f-q4a4-xqbk

summary

Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36542

reference_id

reference_type

scores

value	0.0096
scoring_system	epss
scoring_elements	0.76419
published_at	2026-04-02T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76515
published_at	2026-04-16T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76479
published_at	2026-04-12T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76501
published_at	2026-04-11T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76475
published_at	2026-04-13T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76461
published_at	2026-04-08T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76429
published_at	2026-04-07T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76448
published_at	2026-04-04T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76507
published_at	2026-04-21T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76519
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36542

reference_url

http://seclists.org/fulldisclosure/2023/Jul/43

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

http://seclists.org/fulldisclosure/2023/Jul/43

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/532578799c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/532578799c

reference_url

https://issues.apache.org/jira/browse/NIFI-11744

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-11744

reference_url

https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof

reference_url

https://nifi.apache.org/security.html#CVE-2023-36542

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

https://nifi.apache.org/security.html#CVE-2023-36542

reference_url

http://www.openwall.com/lists/oss-security/2023/07/29/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

http://www.openwall.com/lists/oss-security/2023/07/29/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-36542

reference_id

CVE-2023-36542

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-36542

reference_url

https://github.com/advisories/GHSA-r969-8v3h-23v9

reference_id

GHSA-r969-8v3h-23v9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r969-8v3h-23v9

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.23.0

purl pkg:maven/org.apache.nifi/nifi@1.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-ues1-6z47-q7hc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.0

aliases CVE-2023-36542, GHSA-r969-8v3h-23v9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk

url VCID-tnfn-2kzc-rugx

vulnerability_id VCID-tnfn-2kzc-rugx

summary

Cross-site Scripting
There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7665

reference_id

reference_type

scores

value	0.00752
scoring_system	epss
scoring_elements	0.73131
published_at	2026-04-01T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73162
published_at	2026-04-04T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73141
published_at	2026-04-02T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75327
published_at	2026-04-21T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75292
published_at	2026-04-08T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75302
published_at	2026-04-09T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75323
published_at	2026-04-11T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75301
published_at	2026-04-12T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.7529
published_at	2026-04-13T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75329
published_at	2026-04-16T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75336
published_at	2026-04-18T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75249
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7665

reference_url

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E

reference_url

http://www.securityfocus.com/bid/99009

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/99009

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7665

reference_id

CVE-2017-7665

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7665

reference_url

https://github.com/advisories/GHSA-m5r7-w9v3-ghmx

reference_id

GHSA-m5r7-w9v3-ghmx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m5r7-w9v3-ghmx

fixed_packages

url pkg:maven/org.apache.nifi/nifi@0.7.4

purl pkg:maven/org.apache.nifi/nifi@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-4fnm-bxv8-vqhz

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4

url pkg:maven/org.apache.nifi/nifi@1.3.0

purl pkg:maven/org.apache.nifi/nifi@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dsr-hras-zudk

vulnerability	VCID-2ema-4jrp-3kfr

vulnerability	VCID-3eka-p4cs-f3dz

vulnerability	VCID-3rp1-pc25-euhm

vulnerability	VCID-4v3d-ugqf-uyag

vulnerability	VCID-6mt2-4tn4-5bcb

vulnerability	VCID-bppj-knks-jybe

vulnerability	VCID-bpqd-tx8f-kycf

vulnerability	VCID-g74u-zmqj-gyb7

vulnerability	VCID-gqjq-sbf1-x7ew

vulnerability	VCID-hy35-v2p5-2ycq

vulnerability	VCID-j263-1hyr-t7hn

vulnerability	VCID-k1bm-1u7b-vybp

vulnerability	VCID-rj21-6d19-gqbe

vulnerability	VCID-rjau-hbsn-u3ah

vulnerability	VCID-rn4r-36ab-sfey

vulnerability	VCID-rv8f-q4a4-xqbk

vulnerability	VCID-w18h-3c8s-s3eq

vulnerability	VCID-yrgr-3cv3-b3ff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0

aliases CVE-2017-7665, GHSA-m5r7-w9v3-ghmx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnfn-2kzc-rugx

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.4.1

Package Instance