Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi@0.7.4
Typemaven
Namespaceorg.apache.nifi
Namenifi
Version0.7.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.24.0
Latest_non_vulnerable_version1.24.0
Affected_by_vulnerabilities
0
url VCID-3eka-p4cs-f3dz
vulnerability_id VCID-3eka-p4cs-f3dz
summary 
Apache NiFi vulnerable to Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
reference_id
reference_type
scores
0
value 0.77205
scoring_system epss
scoring_elements 0.98975
published_at 2026-04-18T12:55:00Z
1
value 0.77205
scoring_system epss
scoring_elements 0.98965
published_at 2026-04-02T12:55:00Z
2
value 0.77205
scoring_system epss
scoring_elements 0.98967
published_at 2026-04-04T12:55:00Z
3
value 0.77205
scoring_system epss
scoring_elements 0.98969
published_at 2026-04-07T12:55:00Z
4
value 0.77205
scoring_system epss
scoring_elements 0.98971
published_at 2026-04-09T12:55:00Z
5
value 0.77205
scoring_system epss
scoring_elements 0.98972
published_at 2026-04-12T12:55:00Z
6
value 0.77205
scoring_system epss
scoring_elements 0.98973
published_at 2026-04-13T12:55:00Z
7
value 0.77205
scoring_system epss
scoring_elements 0.98974
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
2
reference_url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
3
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
4
reference_url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
5
reference_url https://github.com/apache/nifi/pull/7349
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7349
6
reference_url https://issues.apache.org/jira/browse/NIFI-11653
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11653
7
reference_url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
8
reference_url https://nifi.apache.org/security.html#CVE-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://nifi.apache.org/security.html#CVE-2023-34468
9
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
10
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/3
11
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
reference_id apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
reference_id CVE-2023-34468
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
13
reference_url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
reference_id GHSA-xm2m-2q6h-22jw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-rv8f-q4a4-xqbk
2
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
aliases CVE-2023-34468, GHSA-xm2m-2q6h-22jw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eka-p4cs-f3dz
1
url VCID-4fnm-bxv8-vqhz
vulnerability_id VCID-4fnm-bxv8-vqhz
summary 
Cross-site Scripting
In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8748
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61059
published_at 2026-04-04T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61125
published_at 2026-04-18T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61119
published_at 2026-04-16T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61077
published_at 2026-04-13T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61096
published_at 2026-04-12T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.6111
published_at 2026-04-11T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.60953
published_at 2026-04-01T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61089
published_at 2026-04-09T12:55:00Z
8
value 0.00406
scoring_system epss
scoring_elements 0.61073
published_at 2026-04-08T12:55:00Z
9
value 0.00406
scoring_system epss
scoring_elements 0.6103
published_at 2026-04-02T12:55:00Z
10
value 0.00406
scoring_system epss
scoring_elements 0.61025
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8748
1
reference_url https://nifi.apache.org/security.html#CVE-2016-8748
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2016-8748
2
reference_url http://www.securityfocus.com/bid/95621
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95621
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8748
reference_id CVE-2016-8748
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-8748
6
reference_url https://github.com/advisories/GHSA-g2fm-x3cp-mqw9
reference_id GHSA-g2fm-x3cp-mqw9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2fm-x3cp-mqw9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.0.1
purl pkg:maven/org.apache.nifi/nifi@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-4fnm-bxv8-vqhz
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-r9su-47z6-x7cw
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-tnfn-2kzc-rugx
18
vulnerability VCID-w18h-3c8s-s3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.1
1
url pkg:maven/org.apache.nifi/nifi@1.1.1
purl pkg:maven/org.apache.nifi/nifi@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hne-dn7f-4yfy
1
vulnerability VCID-2dsr-hras-zudk
2
vulnerability VCID-2ema-4jrp-3kfr
3
vulnerability VCID-3eka-p4cs-f3dz
4
vulnerability VCID-3rp1-pc25-euhm
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-r9su-47z6-x7cw
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-tnfn-2kzc-rugx
18
vulnerability VCID-w18h-3c8s-s3eq
19
vulnerability VCID-xv8d-3nef-dygg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1
aliases CVE-2016-8748, GHSA-g2fm-x3cp-mqw9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fnm-bxv8-vqhz
2
url VCID-bpqd-tx8f-kycf
vulnerability_id VCID-bpqd-tx8f-kycf
summary 
Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
reference_id
reference_type
scores
0
value 0.0212
scoring_system epss
scoring_elements 0.8416
published_at 2026-04-18T12:55:00Z
1
value 0.0212
scoring_system epss
scoring_elements 0.84081
published_at 2026-04-02T12:55:00Z
2
value 0.0212
scoring_system epss
scoring_elements 0.84098
published_at 2026-04-04T12:55:00Z
3
value 0.0212
scoring_system epss
scoring_elements 0.841
published_at 2026-04-07T12:55:00Z
4
value 0.0212
scoring_system epss
scoring_elements 0.84123
published_at 2026-04-08T12:55:00Z
5
value 0.0212
scoring_system epss
scoring_elements 0.84129
published_at 2026-04-09T12:55:00Z
6
value 0.0212
scoring_system epss
scoring_elements 0.84146
published_at 2026-04-11T12:55:00Z
7
value 0.0212
scoring_system epss
scoring_elements 0.84141
published_at 2026-04-12T12:55:00Z
8
value 0.0212
scoring_system epss
scoring_elements 0.84136
published_at 2026-04-13T12:55:00Z
9
value 0.0212
scoring_system epss
scoring_elements 0.84159
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
3
reference_url https://nifi.apache.org/security.html#CVE-2022-29265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-29265
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
reference_id CVE-2022-29265
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
5
reference_url https://github.com/advisories/GHSA-wc97-7623-rxwx
reference_id GHSA-wc97-7623-rxwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc97-7623-rxwx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.1
purl pkg:maven/org.apache.nifi/nifi@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-g74u-zmqj-gyb7
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-rv8f-q4a4-xqbk
5
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1
aliases CVE-2022-29265, GHSA-wc97-7623-rxwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpqd-tx8f-kycf
3
url VCID-hy35-v2p5-2ycq
vulnerability_id VCID-hy35-v2p5-2ycq
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary
JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52552
published_at 2026-04-02T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52656
published_at 2026-04-18T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52649
published_at 2026-04-16T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.5261
published_at 2026-04-13T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52625
published_at 2026-04-12T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52642
published_at 2026-04-11T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52591
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52545
published_at 2026-04-07T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52578
published_at 2026-04-04T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52597
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
3
reference_url https://github.com/apache/nifi/pull/8060
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/8060
4
reference_url https://issues.apache.org/jira/browse/NIFI-12403
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-12403
5
reference_url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
6
reference_url https://nifi.apache.org/security.html#CVE-2023-49145
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2023-49145
7
reference_url http://www.openwall.com/lists/oss-security/2023/11/27/5
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/27/5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
reference_id CVE-2023-49145
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
9
reference_url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
reference_id GHSA-68pr-6fjc-wmgm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.24.0
purl pkg:maven/org.apache.nifi/nifi@1.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.24.0
aliases CVE-2023-49145, GHSA-68pr-6fjc-wmgm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy35-v2p5-2ycq
4
url VCID-j263-1hyr-t7hn
vulnerability_id VCID-j263-1hyr-t7hn
summary 
Deserialization of Untrusted Data
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1310
reference_id
reference_type
scores
0
value 0.0184
scoring_system epss
scoring_elements 0.8299
published_at 2026-04-18T12:55:00Z
1
value 0.0184
scoring_system epss
scoring_elements 0.82913
published_at 2026-04-07T12:55:00Z
2
value 0.0184
scoring_system epss
scoring_elements 0.82939
published_at 2026-04-08T12:55:00Z
3
value 0.0184
scoring_system epss
scoring_elements 0.82946
published_at 2026-04-09T12:55:00Z
4
value 0.0184
scoring_system epss
scoring_elements 0.82961
published_at 2026-04-11T12:55:00Z
5
value 0.0184
scoring_system epss
scoring_elements 0.82956
published_at 2026-04-12T12:55:00Z
6
value 0.0184
scoring_system epss
scoring_elements 0.82952
published_at 2026-04-13T12:55:00Z
7
value 0.0184
scoring_system epss
scoring_elements 0.82991
published_at 2026-04-16T12:55:00Z
8
value 0.0184
scoring_system epss
scoring_elements 0.82888
published_at 2026-04-01T12:55:00Z
9
value 0.0184
scoring_system epss
scoring_elements 0.82905
published_at 2026-04-02T12:55:00Z
10
value 0.0184
scoring_system epss
scoring_elements 0.82917
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1310
1
reference_url https://nifi.apache.org/security.html#CVE-2018-1310
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2018-1310
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1310
reference_id CVE-2018-1310
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1310
4
reference_url https://github.com/advisories/GHSA-p76j-5v6v-6c22
reference_id GHSA-p76j-5v6v-6c22
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p76j-5v6v-6c22
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.6.0
purl pkg:maven/org.apache.nifi/nifi@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-rj21-6d19-gqbe
11
vulnerability VCID-rn4r-36ab-sfey
12
vulnerability VCID-rv8f-q4a4-xqbk
13
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.6.0
aliases CVE-2018-1310, GHSA-p76j-5v6v-6c22
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j263-1hyr-t7hn
5
url VCID-k1bm-1u7b-vybp
vulnerability_id VCID-k1bm-1u7b-vybp
summary 
Improper Input Validation
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12632
reference_id
reference_type
scores
0
value 0.0053
scoring_system epss
scoring_elements 0.67282
published_at 2026-04-18T12:55:00Z
1
value 0.0053
scoring_system epss
scoring_elements 0.67251
published_at 2026-04-08T12:55:00Z
2
value 0.0053
scoring_system epss
scoring_elements 0.67265
published_at 2026-04-09T12:55:00Z
3
value 0.0053
scoring_system epss
scoring_elements 0.67284
published_at 2026-04-11T12:55:00Z
4
value 0.0053
scoring_system epss
scoring_elements 0.6727
published_at 2026-04-16T12:55:00Z
5
value 0.0053
scoring_system epss
scoring_elements 0.67235
published_at 2026-04-13T12:55:00Z
6
value 0.0053
scoring_system epss
scoring_elements 0.67162
published_at 2026-04-01T12:55:00Z
7
value 0.0053
scoring_system epss
scoring_elements 0.672
published_at 2026-04-07T12:55:00Z
8
value 0.0053
scoring_system epss
scoring_elements 0.67224
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12632
1
reference_url https://nifi.apache.org/security.html#CVE-2017-12632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2017-12632
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12632
reference_id CVE-2017-12632
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12632
3
reference_url https://github.com/advisories/GHSA-w4x6-j349-9r57
reference_id GHSA-w4x6-j349-9r57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w4x6-j349-9r57
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.5.0
purl pkg:maven/org.apache.nifi/nifi@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-rj21-6d19-gqbe
12
vulnerability VCID-rn4r-36ab-sfey
13
vulnerability VCID-rv8f-q4a4-xqbk
14
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0
aliases CVE-2017-12632, GHSA-w4x6-j349-9r57
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bm-1u7b-vybp
6
url VCID-rn4r-36ab-sfey
vulnerability_id VCID-rn4r-36ab-sfey
summary 
Exposure of Sensitive Information to an Unauthorized Actor
In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54634
published_at 2026-04-18T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54574
published_at 2026-04-07T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54625
published_at 2026-04-08T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.5462
published_at 2026-04-09T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54633
published_at 2026-04-11T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54616
published_at 2026-04-12T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54595
published_at 2026-04-13T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54632
published_at 2026-04-16T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54509
published_at 2026-04-01T12:55:00Z
9
value 0.00315
scoring_system epss
scoring_elements 0.54581
published_at 2026-04-02T12:55:00Z
10
value 0.00315
scoring_system epss
scoring_elements 0.54605
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
1
reference_url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
2
reference_url http://www.openwall.com/lists/oss-security/2021/12/17/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/12/17/1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
reference_id CVE-2021-44145
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
4
reference_url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
reference_id GHSA-rq96-qhc5-vm4r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.15.1
purl pkg:maven/org.apache.nifi/nifi@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1
aliases CVE-2021-44145, GHSA-rq96-qhc5-vm4r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn4r-36ab-sfey
7
url VCID-rv8f-q4a4-xqbk
vulnerability_id VCID-rv8f-q4a4-xqbk
summary 
Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76419
published_at 2026-04-02T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76515
published_at 2026-04-16T12:55:00Z
2
value 0.0096
scoring_system epss
scoring_elements 0.76479
published_at 2026-04-12T12:55:00Z
3
value 0.0096
scoring_system epss
scoring_elements 0.76501
published_at 2026-04-11T12:55:00Z
4
value 0.0096
scoring_system epss
scoring_elements 0.76475
published_at 2026-04-13T12:55:00Z
5
value 0.0096
scoring_system epss
scoring_elements 0.76461
published_at 2026-04-08T12:55:00Z
6
value 0.0096
scoring_system epss
scoring_elements 0.76429
published_at 2026-04-07T12:55:00Z
7
value 0.0096
scoring_system epss
scoring_elements 0.76448
published_at 2026-04-04T12:55:00Z
8
value 0.0096
scoring_system epss
scoring_elements 0.76519
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
1
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://seclists.org/fulldisclosure/2023/Jul/43
2
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
3
reference_url https://github.com/apache/nifi/commit/532578799c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/532578799c
4
reference_url https://issues.apache.org/jira/browse/NIFI-11744
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11744
5
reference_url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
6
reference_url https://nifi.apache.org/security.html#CVE-2023-36542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://nifi.apache.org/security.html#CVE-2023-36542
7
reference_url http://www.openwall.com/lists/oss-security/2023/07/29/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://www.openwall.com/lists/oss-security/2023/07/29/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
reference_id CVE-2023-36542
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
9
reference_url https://github.com/advisories/GHSA-r969-8v3h-23v9
reference_id GHSA-r969-8v3h-23v9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r969-8v3h-23v9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.23.0
purl pkg:maven/org.apache.nifi/nifi@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.0
aliases CVE-2023-36542, GHSA-r969-8v3h-23v9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk
Fixing_vulnerabilities
0
url VCID-r9su-47z6-x7cw
vulnerability_id VCID-r9su-47z6-x7cw
summary 
Origin Validation Error
Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7667
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60244
published_at 2026-04-18T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60143
published_at 2026-04-07T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60193
published_at 2026-04-08T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.60207
published_at 2026-04-09T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.60228
published_at 2026-04-11T12:55:00Z
5
value 0.00392
scoring_system epss
scoring_elements 0.60215
published_at 2026-04-12T12:55:00Z
6
value 0.00392
scoring_system epss
scoring_elements 0.60197
published_at 2026-04-13T12:55:00Z
7
value 0.00392
scoring_system epss
scoring_elements 0.60237
published_at 2026-04-16T12:55:00Z
8
value 0.00392
scoring_system epss
scoring_elements 0.60071
published_at 2026-04-01T12:55:00Z
9
value 0.00392
scoring_system epss
scoring_elements 0.60149
published_at 2026-04-02T12:55:00Z
10
value 0.00392
scoring_system epss
scoring_elements 0.60174
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7667
1
reference_url https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/99018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99018
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7667
reference_id CVE-2017-7667
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7667
4
reference_url https://github.com/advisories/GHSA-jvx9-rj3w-jq99
reference_id GHSA-jvx9-rj3w-jq99
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx9-rj3w-jq99
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@0.7.4
purl pkg:maven/org.apache.nifi/nifi@0.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4fnm-bxv8-vqhz
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-j263-1hyr-t7hn
5
vulnerability VCID-k1bm-1u7b-vybp
6
vulnerability VCID-rn4r-36ab-sfey
7
vulnerability VCID-rv8f-q4a4-xqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4
1
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-4v3d-ugqf-uyag
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-g74u-zmqj-gyb7
9
vulnerability VCID-gqjq-sbf1-x7ew
10
vulnerability VCID-hy35-v2p5-2ycq
11
vulnerability VCID-j263-1hyr-t7hn
12
vulnerability VCID-k1bm-1u7b-vybp
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-w18h-3c8s-s3eq
18
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
aliases CVE-2017-7667, GHSA-jvx9-rj3w-jq99
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9su-47z6-x7cw
1
url VCID-tnfn-2kzc-rugx
vulnerability_id VCID-tnfn-2kzc-rugx
summary 
Cross-site Scripting
There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7665
reference_id
reference_type
scores
0
value 0.00752
scoring_system epss
scoring_elements 0.73131
published_at 2026-04-01T12:55:00Z
1
value 0.00752
scoring_system epss
scoring_elements 0.73162
published_at 2026-04-04T12:55:00Z
2
value 0.00752
scoring_system epss
scoring_elements 0.73141
published_at 2026-04-02T12:55:00Z
3
value 0.00876
scoring_system epss
scoring_elements 0.75336
published_at 2026-04-18T12:55:00Z
4
value 0.00876
scoring_system epss
scoring_elements 0.75249
published_at 2026-04-07T12:55:00Z
5
value 0.00876
scoring_system epss
scoring_elements 0.75292
published_at 2026-04-08T12:55:00Z
6
value 0.00876
scoring_system epss
scoring_elements 0.75302
published_at 2026-04-09T12:55:00Z
7
value 0.00876
scoring_system epss
scoring_elements 0.75323
published_at 2026-04-11T12:55:00Z
8
value 0.00876
scoring_system epss
scoring_elements 0.75301
published_at 2026-04-12T12:55:00Z
9
value 0.00876
scoring_system epss
scoring_elements 0.7529
published_at 2026-04-13T12:55:00Z
10
value 0.00876
scoring_system epss
scoring_elements 0.75329
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7665
1
reference_url https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/99009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99009
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7665
reference_id CVE-2017-7665
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7665
4
reference_url https://github.com/advisories/GHSA-m5r7-w9v3-ghmx
reference_id GHSA-m5r7-w9v3-ghmx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5r7-w9v3-ghmx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@0.7.4
purl pkg:maven/org.apache.nifi/nifi@0.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4fnm-bxv8-vqhz
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-j263-1hyr-t7hn
5
vulnerability VCID-k1bm-1u7b-vybp
6
vulnerability VCID-rn4r-36ab-sfey
7
vulnerability VCID-rv8f-q4a4-xqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4
1
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-4v3d-ugqf-uyag
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-g74u-zmqj-gyb7
9
vulnerability VCID-gqjq-sbf1-x7ew
10
vulnerability VCID-hy35-v2p5-2ycq
11
vulnerability VCID-j263-1hyr-t7hn
12
vulnerability VCID-k1bm-1u7b-vybp
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-w18h-3c8s-s3eq
18
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
aliases CVE-2017-7665, GHSA-m5r7-w9v3-ghmx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnfn-2kzc-rugx
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4