Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.1

Type maven

Namespace org.apache.nifi

Name nifi-standard-processors

Version 0.6.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.23.0

Latest_non_vulnerable_version 1.23.0

Affected_by_vulnerabilities

url VCID-gg7c-f154-5bge

vulnerability_id VCID-gg7c-f154-5bge

summary Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1309

reference_id

reference_type

scores

value	0.03674
scoring_system	epss
scoring_elements	0.87913
published_at	2026-04-13T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87925
published_at	2026-04-21T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87854
published_at	2026-04-01T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87926
published_at	2026-04-18T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87864
published_at	2026-04-02T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87877
published_at	2026-04-04T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87881
published_at	2026-04-07T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87903
published_at	2026-04-08T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87909
published_at	2026-04-09T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.8792
published_at	2026-04-11T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87927
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1309

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/28067a29fd13cdf8e21b440fc65c6dd67872522f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/28067a29fd13cdf8e21b440fc65c6dd67872522f

reference_url

https://issues.apache.org/jira/browse/NIFI-4869

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-4869

reference_url

https://nifi.apache.org/security.html#CVE-2018-1309

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2018-1309

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::
reference_id	cpe:2.3:a:apache:nifi::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1309

reference_id

CVE-2018-1309

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1309

reference_url

https://github.com/advisories/GHSA-42wx-65g4-5cxv

reference_id

GHSA-42wx-65g4-5cxv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-42wx-65g4-5cxv

fixed_packages

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

aliases CVE-2018-1309, GHSA-42wx-65g4-5cxv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg7c-f154-5bge

url VCID-rv8f-q4a4-xqbk

vulnerability_id VCID-rv8f-q4a4-xqbk

summary

Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36542

reference_id

reference_type

scores

value	0.0096
scoring_system	epss
scoring_elements	0.76419
published_at	2026-04-02T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76515
published_at	2026-04-16T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76479
published_at	2026-04-12T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76501
published_at	2026-04-11T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76475
published_at	2026-04-13T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76461
published_at	2026-04-08T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76429
published_at	2026-04-07T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76448
published_at	2026-04-04T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76507
published_at	2026-04-21T12:55:00Z

value	0.0096
scoring_system	epss
scoring_elements	0.76519
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36542

reference_url

http://seclists.org/fulldisclosure/2023/Jul/43

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

http://seclists.org/fulldisclosure/2023/Jul/43

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/532578799c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/532578799c

reference_url

https://issues.apache.org/jira/browse/NIFI-11744

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-11744

reference_url

https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof

reference_url

https://nifi.apache.org/security.html#CVE-2023-36542

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

https://nifi.apache.org/security.html#CVE-2023-36542

reference_url

http://www.openwall.com/lists/oss-security/2023/07/29/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/

url

http://www.openwall.com/lists/oss-security/2023/07/29/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-36542

reference_id

CVE-2023-36542

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-36542

reference_url

https://github.com/advisories/GHSA-r969-8v3h-23v9

reference_id

GHSA-r969-8v3h-23v9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r969-8v3h-23v9

fixed_packages

url	pkg:maven/org.apache.nifi/nifi-standard-processors@1.23.0
purl	pkg:maven/org.apache.nifi/nifi-standard-processors@1.23.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.23.0

aliases CVE-2023-36542, GHSA-r969-8v3h-23v9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.1

Package Instance