Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi@1.13.1
Typemaven
Namespaceorg.apache.nifi
Namenifi
Version1.13.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.24.0
Latest_non_vulnerable_version1.24.0
Affected_by_vulnerabilities
0
url VCID-3eka-p4cs-f3dz
vulnerability_id VCID-3eka-p4cs-f3dz
summary 
Apache NiFi vulnerable to Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
reference_id
reference_type
scores
0
value 0.77205
scoring_system epss
scoring_elements 0.98975
published_at 2026-04-18T12:55:00Z
1
value 0.77205
scoring_system epss
scoring_elements 0.98965
published_at 2026-04-02T12:55:00Z
2
value 0.77205
scoring_system epss
scoring_elements 0.98967
published_at 2026-04-04T12:55:00Z
3
value 0.77205
scoring_system epss
scoring_elements 0.98969
published_at 2026-04-07T12:55:00Z
4
value 0.77205
scoring_system epss
scoring_elements 0.98971
published_at 2026-04-09T12:55:00Z
5
value 0.77205
scoring_system epss
scoring_elements 0.98972
published_at 2026-04-12T12:55:00Z
6
value 0.77205
scoring_system epss
scoring_elements 0.98973
published_at 2026-04-13T12:55:00Z
7
value 0.77205
scoring_system epss
scoring_elements 0.98974
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
2
reference_url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
3
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
4
reference_url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
5
reference_url https://github.com/apache/nifi/pull/7349
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7349
6
reference_url https://issues.apache.org/jira/browse/NIFI-11653
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11653
7
reference_url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
8
reference_url https://nifi.apache.org/security.html#CVE-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://nifi.apache.org/security.html#CVE-2023-34468
9
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
10
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/3
11
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
reference_id apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
reference_id CVE-2023-34468
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
13
reference_url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
reference_id GHSA-xm2m-2q6h-22jw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-rv8f-q4a4-xqbk
2
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
aliases CVE-2023-34468, GHSA-xm2m-2q6h-22jw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eka-p4cs-f3dz
1
url VCID-4uja-72yx-6qdc
vulnerability_id VCID-4uja-72yx-6qdc
summary 
Deserialization of Untrusted Data
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.

The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
reference_id
reference_type
scores
0
value 0.00779
scoring_system epss
scoring_elements 0.73667
published_at 2026-04-09T12:55:00Z
1
value 0.00779
scoring_system epss
scoring_elements 0.73654
published_at 2026-04-08T12:55:00Z
2
value 0.00779
scoring_system epss
scoring_elements 0.73716
published_at 2026-04-18T12:55:00Z
3
value 0.00779
scoring_system epss
scoring_elements 0.73707
published_at 2026-04-16T12:55:00Z
4
value 0.00779
scoring_system epss
scoring_elements 0.73663
published_at 2026-04-13T12:55:00Z
5
value 0.00779
scoring_system epss
scoring_elements 0.73672
published_at 2026-04-12T12:55:00Z
6
value 0.00779
scoring_system epss
scoring_elements 0.73689
published_at 2026-04-11T12:55:00Z
7
value 0.00909
scoring_system epss
scoring_elements 0.75748
published_at 2026-04-02T12:55:00Z
8
value 0.00909
scoring_system epss
scoring_elements 0.75759
published_at 2026-04-07T12:55:00Z
9
value 0.00909
scoring_system epss
scoring_elements 0.7578
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
3
reference_url https://github.com/apache/nifi/pull/7313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7313
4
reference_url https://issues.apache.org/jira/browse/NIFI-11614
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11614
5
reference_url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
6
reference_url https://nifi.apache.org/security.html#CVE-2023-34212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://nifi.apache.org/security.html#CVE-2023-34212
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
reference_id CVE-2023-34212
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
9
reference_url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
reference_id GHSA-65wh-g8x8-gm2h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-rv8f-q4a4-xqbk
2
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
aliases CVE-2023-34212, GHSA-65wh-g8x8-gm2h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uja-72yx-6qdc
2
url VCID-bpqd-tx8f-kycf
vulnerability_id VCID-bpqd-tx8f-kycf
summary 
Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
reference_id
reference_type
scores
0
value 0.0212
scoring_system epss
scoring_elements 0.8416
published_at 2026-04-18T12:55:00Z
1
value 0.0212
scoring_system epss
scoring_elements 0.84081
published_at 2026-04-02T12:55:00Z
2
value 0.0212
scoring_system epss
scoring_elements 0.84098
published_at 2026-04-04T12:55:00Z
3
value 0.0212
scoring_system epss
scoring_elements 0.841
published_at 2026-04-07T12:55:00Z
4
value 0.0212
scoring_system epss
scoring_elements 0.84123
published_at 2026-04-08T12:55:00Z
5
value 0.0212
scoring_system epss
scoring_elements 0.84129
published_at 2026-04-09T12:55:00Z
6
value 0.0212
scoring_system epss
scoring_elements 0.84146
published_at 2026-04-11T12:55:00Z
7
value 0.0212
scoring_system epss
scoring_elements 0.84141
published_at 2026-04-12T12:55:00Z
8
value 0.0212
scoring_system epss
scoring_elements 0.84136
published_at 2026-04-13T12:55:00Z
9
value 0.0212
scoring_system epss
scoring_elements 0.84159
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
3
reference_url https://nifi.apache.org/security.html#CVE-2022-29265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-29265
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
reference_id CVE-2022-29265
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
5
reference_url https://github.com/advisories/GHSA-wc97-7623-rxwx
reference_id GHSA-wc97-7623-rxwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc97-7623-rxwx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.1
purl pkg:maven/org.apache.nifi/nifi@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-g74u-zmqj-gyb7
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-rv8f-q4a4-xqbk
5
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1
aliases CVE-2022-29265, GHSA-wc97-7623-rxwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpqd-tx8f-kycf
3
url VCID-g74u-zmqj-gyb7
vulnerability_id VCID-g74u-zmqj-gyb7
summary 
XML External Entity Reference in Apache NiFi
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22832
reference_id
reference_type
scores
0
value 0.02041
scoring_system epss
scoring_elements 0.83867
published_at 2026-04-18T12:55:00Z
1
value 0.02041
scoring_system epss
scoring_elements 0.83783
published_at 2026-04-02T12:55:00Z
2
value 0.02041
scoring_system epss
scoring_elements 0.83797
published_at 2026-04-04T12:55:00Z
3
value 0.02041
scoring_system epss
scoring_elements 0.83798
published_at 2026-04-07T12:55:00Z
4
value 0.02041
scoring_system epss
scoring_elements 0.83822
published_at 2026-04-08T12:55:00Z
5
value 0.02041
scoring_system epss
scoring_elements 0.83828
published_at 2026-04-09T12:55:00Z
6
value 0.02041
scoring_system epss
scoring_elements 0.83844
published_at 2026-04-11T12:55:00Z
7
value 0.02041
scoring_system epss
scoring_elements 0.83837
published_at 2026-04-12T12:55:00Z
8
value 0.02041
scoring_system epss
scoring_elements 0.83833
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22832
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
3
reference_url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/
url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
4
reference_url https://nifi.apache.org/security.html#CVE-2023-22832
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/
url https://nifi.apache.org/security.html#CVE-2023-22832
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
reference_id CVE-2023-22832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
6
reference_url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
reference_id GHSA-hxjp-q6c3-38fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.20.0
purl pkg:maven/org.apache.nifi/nifi@1.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-hy35-v2p5-2ycq
3
vulnerability VCID-rv8f-q4a4-xqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.20.0
aliases CVE-2023-22832, GHSA-hxjp-q6c3-38fx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g74u-zmqj-gyb7
4
url VCID-hy35-v2p5-2ycq
vulnerability_id VCID-hy35-v2p5-2ycq
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52552
published_at 2026-04-02T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52656
published_at 2026-04-18T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52649
published_at 2026-04-16T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.5261
published_at 2026-04-13T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52625
published_at 2026-04-12T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52642
published_at 2026-04-11T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52591
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52545
published_at 2026-04-07T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52578
published_at 2026-04-04T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52597
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
3
reference_url https://github.com/apache/nifi/pull/8060
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/8060
4
reference_url https://issues.apache.org/jira/browse/NIFI-12403
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-12403
5
reference_url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
6
reference_url https://nifi.apache.org/security.html#CVE-2023-49145
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2023-49145
7
reference_url http://www.openwall.com/lists/oss-security/2023/11/27/5
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/27/5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
reference_id CVE-2023-49145
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
9
reference_url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
reference_id GHSA-68pr-6fjc-wmgm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.24.0
purl pkg:maven/org.apache.nifi/nifi@1.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.24.0
aliases CVE-2023-49145, GHSA-68pr-6fjc-wmgm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy35-v2p5-2ycq
5
url VCID-rn4r-36ab-sfey
vulnerability_id VCID-rn4r-36ab-sfey
summary 
Exposure of Sensitive Information to an Unauthorized Actor
In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54634
published_at 2026-04-18T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54574
published_at 2026-04-07T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54625
published_at 2026-04-08T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.5462
published_at 2026-04-09T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54633
published_at 2026-04-11T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54616
published_at 2026-04-12T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54595
published_at 2026-04-13T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54632
published_at 2026-04-16T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54509
published_at 2026-04-01T12:55:00Z
9
value 0.00315
scoring_system epss
scoring_elements 0.54581
published_at 2026-04-02T12:55:00Z
10
value 0.00315
scoring_system epss
scoring_elements 0.54605
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
1
reference_url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
2
reference_url http://www.openwall.com/lists/oss-security/2021/12/17/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/12/17/1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
reference_id CVE-2021-44145
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
4
reference_url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
reference_id GHSA-rq96-qhc5-vm4r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.15.1
purl pkg:maven/org.apache.nifi/nifi@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1
aliases CVE-2021-44145, GHSA-rq96-qhc5-vm4r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn4r-36ab-sfey
6
url VCID-rv8f-q4a4-xqbk
vulnerability_id VCID-rv8f-q4a4-xqbk
summary 
Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76419
published_at 2026-04-02T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76515
published_at 2026-04-16T12:55:00Z
2
value 0.0096
scoring_system epss
scoring_elements 0.76479
published_at 2026-04-12T12:55:00Z
3
value 0.0096
scoring_system epss
scoring_elements 0.76501
published_at 2026-04-11T12:55:00Z
4
value 0.0096
scoring_system epss
scoring_elements 0.76475
published_at 2026-04-13T12:55:00Z
5
value 0.0096
scoring_system epss
scoring_elements 0.76461
published_at 2026-04-08T12:55:00Z
6
value 0.0096
scoring_system epss
scoring_elements 0.76429
published_at 2026-04-07T12:55:00Z
7
value 0.0096
scoring_system epss
scoring_elements 0.76448
published_at 2026-04-04T12:55:00Z
8
value 0.0096
scoring_system epss
scoring_elements 0.76519
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
1
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://seclists.org/fulldisclosure/2023/Jul/43
2
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
3
reference_url https://github.com/apache/nifi/commit/532578799c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/532578799c
4
reference_url https://issues.apache.org/jira/browse/NIFI-11744
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11744
5
reference_url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
6
reference_url https://nifi.apache.org/security.html#CVE-2023-36542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://nifi.apache.org/security.html#CVE-2023-36542
7
reference_url http://www.openwall.com/lists/oss-security/2023/07/29/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://www.openwall.com/lists/oss-security/2023/07/29/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
reference_id CVE-2023-36542
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
9
reference_url https://github.com/advisories/GHSA-r969-8v3h-23v9
reference_id GHSA-r969-8v3h-23v9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r969-8v3h-23v9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.23.0
purl pkg:maven/org.apache.nifi/nifi@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.0
aliases CVE-2023-36542, GHSA-r969-8v3h-23v9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk
7
url VCID-xhjy-xmhq-abh7
vulnerability_id VCID-xhjy-xmhq-abh7
summary 
Code injection in Apache NiFi and NiFi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
reference_id
reference_type
scores
0
value 0.03884
scoring_system epss
scoring_elements 0.88263
published_at 2026-04-18T12:55:00Z
1
value 0.03884
scoring_system epss
scoring_elements 0.882
published_at 2026-04-02T12:55:00Z
2
value 0.03884
scoring_system epss
scoring_elements 0.88215
published_at 2026-04-04T12:55:00Z
3
value 0.03884
scoring_system epss
scoring_elements 0.88221
published_at 2026-04-07T12:55:00Z
4
value 0.03884
scoring_system epss
scoring_elements 0.88241
published_at 2026-04-08T12:55:00Z
5
value 0.03884
scoring_system epss
scoring_elements 0.88247
published_at 2026-04-09T12:55:00Z
6
value 0.03884
scoring_system epss
scoring_elements 0.88258
published_at 2026-04-11T12:55:00Z
7
value 0.03884
scoring_system epss
scoring_elements 0.88251
published_at 2026-04-12T12:55:00Z
8
value 0.03884
scoring_system epss
scoring_elements 0.8825
published_at 2026-04-13T12:55:00Z
9
value 0.03884
scoring_system epss
scoring_elements 0.88264
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
3
reference_url https://nifi.apache.org/security.html#CVE-2022-33140
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-33140
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
5
reference_url https://github.com/advisories/GHSA-77hf-23pq-2g7c
reference_id GHSA-77hf-23pq-2g7c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77hf-23pq-2g7c
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.3
purl pkg:maven/org.apache.nifi/nifi@1.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-g74u-zmqj-gyb7
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-rv8f-q4a4-xqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.3
aliases CVE-2022-33140, GHSA-77hf-23pq-2g7c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhjy-xmhq-abh7
Fixing_vulnerabilities
0
url VCID-uuju-ey95-tyfq
vulnerability_id VCID-uuju-ey95-tyfq
summary 
DOS vulnerability for Quoted Quality CSV headers
### Impact
When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values.  A single request can easily consume minutes of CPU time before it is even dispatched to the application.

The only features within Jetty that can trigger this behavior are:

- Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc)
- `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc)
- `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call.
- `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header.
- `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app)

### Versions
`QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. 

Currently, known vulnerable versions include:

- 9.4.6.v20170531 thru to 9.4.36.v20210114
- 10.0.0
- 11.0.0

### Workarounds

Quality ordered values are used infrequently by jetty so they can be avoided by:

 * Do not use the default error page/handler.
 * Do not deploy the `StatisticsServlet` exposed to the network
 * Do not call `getLocale` API
 * Do not enable precompressed static content in the `DefaultServlet` 

### Patches

All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php)
- 9.4.37.v20210219 and greater
- 10.0.1 and greater 
- 11.0.1 and greater
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27223.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27223
reference_id
reference_type
scores
0
value 0.33816
scoring_system epss
scoring_elements 0.96923
published_at 2026-04-01T12:55:00Z
1
value 0.33816
scoring_system epss
scoring_elements 0.96964
published_at 2026-04-18T12:55:00Z
2
value 0.33816
scoring_system epss
scoring_elements 0.9693
published_at 2026-04-02T12:55:00Z
3
value 0.33816
scoring_system epss
scoring_elements 0.96935
published_at 2026-04-04T12:55:00Z
4
value 0.33816
scoring_system epss
scoring_elements 0.9696
published_at 2026-04-16T12:55:00Z
5
value 0.33816
scoring_system epss
scoring_elements 0.96953
published_at 2026-04-13T12:55:00Z
6
value 0.33816
scoring_system epss
scoring_elements 0.96952
published_at 2026-04-12T12:55:00Z
7
value 0.33816
scoring_system epss
scoring_elements 0.96951
published_at 2026-04-11T12:55:00Z
8
value 0.33816
scoring_system epss
scoring_elements 0.96948
published_at 2026-04-09T12:55:00Z
9
value 0.33816
scoring_system epss
scoring_elements 0.96938
published_at 2026-04-07T12:55:00Z
10
value 0.33816
scoring_system epss
scoring_elements 0.96947
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27223
2
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
12
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
13
reference_url https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78@%3Cissues.solr.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320@%3Cusers.solr.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428@%3Ccommits.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760@%3Cnotifications.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc@%3Cgitbox.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc@%3Cgitbox.activemq.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463@%3Cissues.spark.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3@%3Creviews.spark.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b@%3Cjira.kafka.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f@%3Cissues.nifi.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01@%3Cnotifications.zookeeper.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283@%3Cissues.spark.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409@%3Cjira.kafka.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8@%3Creviews.spark.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c@%3Cdev.kafka.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b@%3Cnotifications.zookeeper.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb@%3Cissues.nifi.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6@%3Cnotifications.zookeeper.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9@%3Cissues.spark.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7@%3Cissues.nifi.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae@%3Cnotifications.zookeeper.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61@%3Cissues.spark.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea@%3Cuser.karaf.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea@%3Cuser.karaf.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad@%3Cjira.kafka.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522@%3Cdev.zookeeper.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182@%3Cissues.spark.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68@%3Cissues.zookeeper.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d@%3Ccommits.zookeeper.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176@%3Ccommits.zookeeper.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388@%3Cjira.kafka.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243@%3Cdev.lucene.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211@%3Cissues.solr.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d@%3Cnotifications.zookeeper.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8@%3Ccommits.zookeeper.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4@%3Cnotifications.zookeeper.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b@%3Cnotifications.zookeeper.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e@%3Creviews.spark.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e@%3Ccommits.kafka.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0@%3Cnotifications.zookeeper.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a@%3Cdev.kafka.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff@%3Cissues.zookeeper.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8@%3Cnotifications.zookeeper.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43@%3Ccommits.druid.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a@%3Cissues.spark.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502@%3Creviews.spark.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed@%3Cjira.kafka.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a@%3Ccommits.zookeeper.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447@%3Cnotifications.zookeeper.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080@%3Cdev.lucene.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f@%3Cnotifications.zookeeper.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c@%3Ccommits.kafka.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2@%3Creviews.spark.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695@%3Cnotifications.zookeeper.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b39209817a5364da1f@%3Cissues.solr.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86@%3Cnotifications.zookeeper.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c@%3Cnotifications.zookeeper.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c@%3Ccommits.kafka.apache.org%3E
73
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27223
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27223
74
reference_url https://security.netapp.com/advisory/ntap-20210401-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210401-0005
75
reference_url https://security.netapp.com/advisory/ntap-20210401-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210401-0005/
76
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
77
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934116
reference_id 1934116
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934116
78
reference_url https://github.com/advisories/GHSA-m394-8rww-3jr7
reference_id GHSA-m394-8rww-3jr7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m394-8rww-3jr7
79
reference_url https://access.redhat.com/errata/RHSA-2021:2431
reference_id RHSA-2021:2431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2431
80
reference_url https://access.redhat.com/errata/RHSA-2021:2499
reference_id RHSA-2021:2499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2499
81
reference_url https://access.redhat.com/errata/RHSA-2021:2517
reference_id RHSA-2021:2517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2517
82
reference_url https://access.redhat.com/errata/RHSA-2021:2689
reference_id RHSA-2021:2689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2689
83
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
84
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
85
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
86
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.13.1
purl pkg:maven/org.apache.nifi/nifi@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-g74u-zmqj-gyb7
4
vulnerability VCID-hy35-v2p5-2ycq
5
vulnerability VCID-rn4r-36ab-sfey
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.13.1
aliases CVE-2020-27223, GHSA-m394-8rww-3jr7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuju-ey95-tyfq
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.13.1