| 0 |
| url |
VCID-2dsr-hras-zudk |
| vulnerability_id |
VCID-2dsr-hras-zudk |
| summary |
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17195 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58449 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58319 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58404 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58424 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58398 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.5845 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58456 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58474 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58454 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58435 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00364 |
| scoring_system |
epss |
| scoring_elements |
0.58472 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17195 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17195, GHSA-3jq8-jg75-rqv6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2dsr-hras-zudk |
|
| 1 |
| url |
VCID-2ema-4jrp-3kfr |
| vulnerability_id |
VCID-2ema-4jrp-3kfr |
| summary |
Inadequate Encryption Strength in Apache NiFi
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9491 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79905 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79902 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79901 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79872 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.7988 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79897 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79876 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.7984 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.79852 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0132 |
| scoring_system |
epss |
| scoring_elements |
0.7983 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9491 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-9491, GHSA-rfmp-jvr7-hx78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2ema-4jrp-3kfr |
|
| 2 |
| url |
VCID-3eka-p4cs-f3dz |
| vulnerability_id |
VCID-3eka-p4cs-f3dz |
| summary |
Apache NiFi vulnerable to Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.
The resolution validates the Database URL and rejects H2 JDBC locations.
You are recommended to upgrade to version 1.22.0 or later which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-34468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98975 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98965 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98967 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98969 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98971 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98972 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98973 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.77205 |
| scoring_system |
epss |
| scoring_elements |
0.98974 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-34468 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-34468, GHSA-xm2m-2q6h-22jw
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3eka-p4cs-f3dz |
|
| 3 |
| url |
VCID-3rp1-pc25-euhm |
| vulnerability_id |
VCID-3rp1-pc25-euhm |
| summary |
Improper Restriction of XML External Entity Reference
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12623 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53289 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.5325 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53245 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53296 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53282 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53265 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53303 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53309 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53181 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53205 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.5323 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00299 |
| scoring_system |
epss |
| scoring_elements |
0.53197 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12623 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12623 |
| reference_id |
CVE-2017-12623 |
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12623 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.4.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 4 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 5 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 6 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 7 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 8 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 9 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 10 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 11 |
| vulnerability |
VCID-k1bm-1u7b-vybp |
|
| 12 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 13 |
| vulnerability |
VCID-rjau-hbsn-u3ah |
|
| 14 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 15 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 16 |
| vulnerability |
VCID-w18h-3c8s-s3eq |
|
| 17 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0 |
|
|
| aliases |
CVE-2017-12623, GHSA-qj7f-j6h9-g5rq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3rp1-pc25-euhm |
|
| 4 |
| url |
VCID-4fnm-bxv8-vqhz |
| vulnerability_id |
VCID-4fnm-bxv8-vqhz |
| summary |
Cross-site Scripting
In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8748 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61109 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61125 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61119 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61077 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61096 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.60953 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6111 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61089 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6103 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61073 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61059 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-8748 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-8748 |
| reference_id |
CVE-2016-8748 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:N/I:P/A:N |
|
| 1 |
| value |
5.4 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-8748 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.1.1 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1hne-dn7f-4yfy |
|
| 1 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 2 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 3 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 4 |
| vulnerability |
VCID-3rp1-pc25-euhm |
|
| 5 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 6 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 7 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 8 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 9 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 10 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 11 |
| vulnerability |
VCID-k1bm-1u7b-vybp |
|
| 12 |
| vulnerability |
VCID-r9su-47z6-x7cw |
|
| 13 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 14 |
| vulnerability |
VCID-rjau-hbsn-u3ah |
|
| 15 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 16 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 17 |
| vulnerability |
VCID-tnfn-2kzc-rugx |
|
| 18 |
| vulnerability |
VCID-w18h-3c8s-s3eq |
|
| 19 |
| vulnerability |
VCID-xv8d-3nef-dygg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1 |
|
|
| aliases |
CVE-2016-8748, GHSA-g2fm-x3cp-mqw9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4fnm-bxv8-vqhz |
|
| 5 |
| url |
VCID-6mt2-4tn4-5bcb |
| vulnerability_id |
VCID-6mt2-4tn4-5bcb |
| summary |
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17193 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.8158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81674 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.8167 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81632 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81639 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81568 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81651 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81626 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81598 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0159 |
| scoring_system |
epss |
| scoring_elements |
0.81601 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17193 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17193, GHSA-4qq9-rrq6-48ff
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6mt2-4tn4-5bcb |
|
| 6 |
| url |
VCID-bppj-knks-jybe |
| vulnerability_id |
VCID-bppj-knks-jybe |
| summary |
Improper Restriction of XML External Entity Reference in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13940 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76501 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76423 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76455 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76469 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76495 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76473 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76509 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76513 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.7641 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76441 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13940 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13940, GHSA-q4xf-3pmq-3hw8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bppj-knks-jybe |
|
| 7 |
| url |
VCID-bpqd-tx8f-kycf |
| vulnerability_id |
VCID-bpqd-tx8f-kycf |
| summary |
Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29265 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84164 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84098 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.841 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84123 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84129 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84141 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84136 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84159 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.8416 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0212 |
| scoring_system |
epss |
| scoring_elements |
0.84081 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-29265 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-29265, GHSA-wc97-7623-rxwx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bpqd-tx8f-kycf |
|
| 8 |
| url |
VCID-gqjq-sbf1-x7ew |
| vulnerability_id |
VCID-gqjq-sbf1-x7ew |
| summary |
Cross-site scripting in Apache NiFi
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1933 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65371 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.6535 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65362 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65381 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65368 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.6534 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65376 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65387 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65259 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65309 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65334 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00485 |
| scoring_system |
epss |
| scoring_elements |
0.65298 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1933 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1933, GHSA-pqhq-xx62-2v2p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqjq-sbf1-x7ew |
|
| 9 |
| url |
VCID-hy35-v2p5-2ycq |
| vulnerability_id |
VCID-hy35-v2p5-2ycq |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49145 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52552 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52641 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52656 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52649 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5261 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52625 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52642 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52545 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52578 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52591 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52597 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49145 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-49145, GHSA-68pr-6fjc-wmgm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hy35-v2p5-2ycq |
|
| 10 |
| url |
VCID-j263-1hyr-t7hn |
| vulnerability_id |
VCID-j263-1hyr-t7hn |
| summary |
Deserialization of Untrusted Data
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1310 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82994 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82939 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82946 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82961 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82956 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82952 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82991 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.8299 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82888 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82905 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82917 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0184 |
| scoring_system |
epss |
| scoring_elements |
0.82913 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1310 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-1310 |
| reference_id |
CVE-2018-1310 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-1310 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1310, GHSA-p76j-5v6v-6c22
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j263-1hyr-t7hn |
|
| 11 |
| url |
VCID-k1bm-1u7b-vybp |
| vulnerability_id |
VCID-k1bm-1u7b-vybp |
| summary |
Improper Input Validation
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12632 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67262 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67265 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67284 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.6727 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67235 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67282 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0053 |
| scoring_system |
epss |
| scoring_elements |
0.67251 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12632 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 4 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 5 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 6 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 7 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 8 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 9 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 10 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 11 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 12 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 13 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 14 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0 |
|
|
| aliases |
CVE-2017-12632, GHSA-w4x6-j349-9r57
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bm-1u7b-vybp |
|
| 12 |
| url |
VCID-r9su-47z6-x7cw |
| vulnerability_id |
VCID-r9su-47z6-x7cw |
| summary |
Origin Validation Error
Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7667 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60232 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60193 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60207 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60228 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60215 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60197 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60237 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60244 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60071 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60149 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60174 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00392 |
| scoring_system |
epss |
| scoring_elements |
0.60143 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7667 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.3.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-3rp1-pc25-euhm |
|
| 4 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 5 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 6 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 7 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 8 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 9 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 10 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 11 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 12 |
| vulnerability |
VCID-k1bm-1u7b-vybp |
|
| 13 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 14 |
| vulnerability |
VCID-rjau-hbsn-u3ah |
|
| 15 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 16 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 17 |
| vulnerability |
VCID-w18h-3c8s-s3eq |
|
| 18 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0 |
|
|
| aliases |
CVE-2017-7667, GHSA-jvx9-rj3w-jq99
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r9su-47z6-x7cw |
|
| 13 |
| url |
VCID-rj21-6d19-gqbe |
| vulnerability_id |
VCID-rj21-6d19-gqbe |
| summary |
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17192 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74063 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73974 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73981 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74007 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73978 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74012 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74026 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74049 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.7403 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74023 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74062 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74071 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17192 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17192, GHSA-2xpp-75vr-22vq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rj21-6d19-gqbe |
|
| 14 |
| url |
VCID-rjau-hbsn-u3ah |
| vulnerability_id |
VCID-rjau-hbsn-u3ah |
| summary |
Improper Input Validation
A malicious `X-ProxyContextPath` or `X-Forwarded-Context` header containing external resources or embedded code could cause remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15697 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85232 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85202 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85216 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85214 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.8521 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85231 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85141 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85153 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85171 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85172 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.02452 |
| scoring_system |
epss |
| scoring_elements |
0.85194 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15697 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 4 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 5 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 6 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 7 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 8 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 9 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 10 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 11 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 12 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 13 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 14 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0 |
|
|
| aliases |
CVE-2017-15697, GHSA-29ph-fjf3-c5cm
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rjau-hbsn-u3ah |
|
| 15 |
| url |
VCID-rn4r-36ab-sfey |
| vulnerability_id |
VCID-rn4r-36ab-sfey |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44145 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54612 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54625 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.5462 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54633 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54616 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54595 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54632 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54634 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54509 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54581 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54605 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54574 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44145 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-44145, GHSA-rq96-qhc5-vm4r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rn4r-36ab-sfey |
|
| 16 |
| url |
VCID-rv8f-q4a4-xqbk |
| vulnerability_id |
VCID-rv8f-q4a4-xqbk |
| summary |
Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76419 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76515 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76479 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76501 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76475 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76461 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76429 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76507 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0096 |
| scoring_system |
epss |
| scoring_elements |
0.76519 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36542 |
|
| 1 |
| reference_url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/ |
|
|
| url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
|
| 2 |
| reference_url |
https://github.com/apache/nifi |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/nifi |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://nifi.apache.org/security.html#CVE-2023-36542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/ |
|
|
| url |
https://nifi.apache.org/security.html#CVE-2023-36542 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-36542, GHSA-r969-8v3h-23v9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk |
|
| 17 |
| url |
VCID-tnfn-2kzc-rugx |
| vulnerability_id |
VCID-tnfn-2kzc-rugx |
| summary |
Cross-site Scripting
There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00752 |
| scoring_system |
epss |
| scoring_elements |
0.73131 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00752 |
| scoring_system |
epss |
| scoring_elements |
0.73162 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00752 |
| scoring_system |
epss |
| scoring_elements |
0.73141 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75327 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75292 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75302 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75323 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75301 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.7529 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75329 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75336 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75249 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7665 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.3.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-3rp1-pc25-euhm |
|
| 4 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 5 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 6 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 7 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 8 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 9 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 10 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 11 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 12 |
| vulnerability |
VCID-k1bm-1u7b-vybp |
|
| 13 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 14 |
| vulnerability |
VCID-rjau-hbsn-u3ah |
|
| 15 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 16 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 17 |
| vulnerability |
VCID-w18h-3c8s-s3eq |
|
| 18 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0 |
|
|
| aliases |
CVE-2017-7665, GHSA-m5r7-w9v3-ghmx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tnfn-2kzc-rugx |
|
| 18 |
| url |
VCID-w18h-3c8s-s3eq |
| vulnerability_id |
VCID-w18h-3c8s-s3eq |
| summary |
Deserialization of Untrusted Data
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15703 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29431 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29485 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29504 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29477 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29543 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.2961 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29659 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.2948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29581 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29584 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29538 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-15703 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| purl |
pkg:maven/org.apache.nifi/nifi@1.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dsr-hras-zudk |
|
| 1 |
| vulnerability |
VCID-2ema-4jrp-3kfr |
|
| 2 |
| vulnerability |
VCID-3eka-p4cs-f3dz |
|
| 3 |
| vulnerability |
VCID-4v3d-ugqf-uyag |
|
| 4 |
| vulnerability |
VCID-6mt2-4tn4-5bcb |
|
| 5 |
| vulnerability |
VCID-bppj-knks-jybe |
|
| 6 |
| vulnerability |
VCID-bpqd-tx8f-kycf |
|
| 7 |
| vulnerability |
VCID-g74u-zmqj-gyb7 |
|
| 8 |
| vulnerability |
VCID-gqjq-sbf1-x7ew |
|
| 9 |
| vulnerability |
VCID-hy35-v2p5-2ycq |
|
| 10 |
| vulnerability |
VCID-j263-1hyr-t7hn |
|
| 11 |
| vulnerability |
VCID-rj21-6d19-gqbe |
|
| 12 |
| vulnerability |
VCID-rn4r-36ab-sfey |
|
| 13 |
| vulnerability |
VCID-rv8f-q4a4-xqbk |
|
| 14 |
| vulnerability |
VCID-yrgr-3cv3-b3ff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0 |
|
|
| aliases |
CVE-2017-15703, GHSA-xwx6-vmj4-5rv8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w18h-3c8s-s3eq |
|