Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi-web-api@1.2.0
Typemaven
Namespaceorg.apache.nifi
Namenifi-web-api
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.0
Latest_non_vulnerable_version2.8.0
Affected_by_vulnerabilities
0
url VCID-mrb8-sr51-vkep
vulnerability_id VCID-mrb8-sr51-vkep
summary 
Apache NiFi user log out issue
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12421
reference_id
reference_type
scores
0
value 0.00559
scoring_system epss
scoring_elements 0.68275
published_at 2026-04-16T12:55:00Z
1
value 0.00559
scoring_system epss
scoring_elements 0.68266
published_at 2026-04-21T12:55:00Z
2
value 0.00559
scoring_system epss
scoring_elements 0.68286
published_at 2026-04-18T12:55:00Z
3
value 0.00559
scoring_system epss
scoring_elements 0.68196
published_at 2026-04-02T12:55:00Z
4
value 0.00559
scoring_system epss
scoring_elements 0.68214
published_at 2026-04-04T12:55:00Z
5
value 0.00559
scoring_system epss
scoring_elements 0.68191
published_at 2026-04-07T12:55:00Z
6
value 0.00559
scoring_system epss
scoring_elements 0.68242
published_at 2026-04-08T12:55:00Z
7
value 0.00559
scoring_system epss
scoring_elements 0.68257
published_at 2026-04-09T12:55:00Z
8
value 0.00559
scoring_system epss
scoring_elements 0.68282
published_at 2026-04-11T12:55:00Z
9
value 0.00559
scoring_system epss
scoring_elements 0.68269
published_at 2026-04-12T12:55:00Z
10
value 0.00559
scoring_system epss
scoring_elements 0.68235
published_at 2026-04-13T12:55:00Z
11
value 0.00559
scoring_system epss
scoring_elements 0.68174
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12421
1
reference_url https://github.com/apache/nifi/commit/cf6f5172503ce438c6c22c334c9367f774db7b24
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/cf6f5172503ce438c6c22c334c9367f774db7b24
2
reference_url https://github.com/apache/nifi/pull/3362
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/3362
3
reference_url https://issues.apache.org/jira/browse/NIFI-6085
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/NIFI-6085
4
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
6
reference_url https://nifi.apache.org/security.html#CVE-2019-12421
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2019-12421
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12421
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
9
reference_url https://github.com/advisories/GHSA-fmqw-vqh5-cwq9
reference_id GHSA-fmqw-vqh5-cwq9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fmqw-vqh5-cwq9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-web-api@1.10.0
purl pkg:maven/org.apache.nifi/nifi-web-api@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eme-vjmz-5fen
1
vulnerability VCID-y19q-bhcy-nqdk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-web-api@1.10.0
aliases CVE-2019-12421, GHSA-fmqw-vqh5-cwq9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrb8-sr51-vkep
1
url VCID-y19q-bhcy-nqdk
vulnerability_id VCID-y19q-bhcy-nqdk
summary 
Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25903
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07292
published_at 2026-04-18T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07419
published_at 2026-04-21T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.073
published_at 2026-04-16T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07371
published_at 2026-04-13T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07383
published_at 2026-04-12T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07397
published_at 2026-04-11T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07401
published_at 2026-04-09T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07373
published_at 2026-04-08T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07318
published_at 2026-04-07T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07335
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25903
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/119f8881fbc3cbd0d522b0c549b841da3de01f64
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/119f8881fbc3cbd0d522b0c549b841da3de01f64
3
reference_url https://issues.apache.org/jira/browse/NIFI-15567
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-15567
4
reference_url https://lists.apache.org/thread/jf6bkt9sk6xvshy8xyxv3vtlxd340345
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T14:29:01Z/
url https://lists.apache.org/thread/jf6bkt9sk6xvshy8xyxv3vtlxd340345
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25903
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25903
6
reference_url http://www.openwall.com/lists/oss-security/2026/02/16/1
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Amber
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/16/1
7
reference_url https://github.com/advisories/GHSA-c5w7-m8wf-xc77
reference_id GHSA-c5w7-m8wf-xc77
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5w7-m8wf-xc77
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-web-api@2.8.0
purl pkg:maven/org.apache.nifi/nifi-web-api@2.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-web-api@2.8.0
aliases CVE-2026-25903, GHSA-c5w7-m8wf-xc77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y19q-bhcy-nqdk
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-web-api@1.2.0