Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi.registry/nifi-registry-core@0.7.0
Typemaven
Namespaceorg.apache.nifi.registry
Namenifi-registry-core
Version0.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.16.3
Latest_non_vulnerable_version1.16.3
Affected_by_vulnerabilities
0
url VCID-xhjy-xmhq-abh7
vulnerability_id VCID-xhjy-xmhq-abh7
summary 
Code injection in Apache NiFi and NiFi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
reference_id
reference_type
scores
0
value 0.03884
scoring_system epss
scoring_elements 0.88262
published_at 2026-04-21T12:55:00Z
1
value 0.03884
scoring_system epss
scoring_elements 0.88215
published_at 2026-04-04T12:55:00Z
2
value 0.03884
scoring_system epss
scoring_elements 0.88221
published_at 2026-04-07T12:55:00Z
3
value 0.03884
scoring_system epss
scoring_elements 0.88241
published_at 2026-04-08T12:55:00Z
4
value 0.03884
scoring_system epss
scoring_elements 0.88247
published_at 2026-04-09T12:55:00Z
5
value 0.03884
scoring_system epss
scoring_elements 0.88258
published_at 2026-04-11T12:55:00Z
6
value 0.03884
scoring_system epss
scoring_elements 0.88251
published_at 2026-04-12T12:55:00Z
7
value 0.03884
scoring_system epss
scoring_elements 0.8825
published_at 2026-04-13T12:55:00Z
8
value 0.03884
scoring_system epss
scoring_elements 0.88264
published_at 2026-04-16T12:55:00Z
9
value 0.03884
scoring_system epss
scoring_elements 0.88263
published_at 2026-04-18T12:55:00Z
10
value 0.03884
scoring_system epss
scoring_elements 0.882
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
3
reference_url https://nifi.apache.org/security.html#CVE-2022-33140
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-33140
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
5
reference_url https://github.com/advisories/GHSA-77hf-23pq-2g7c
reference_id GHSA-77hf-23pq-2g7c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77hf-23pq-2g7c
fixed_packages
0
url pkg:maven/org.apache.nifi.registry/nifi-registry-core@1.16.3
purl pkg:maven/org.apache.nifi.registry/nifi-registry-core@1.16.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi.registry/nifi-registry-core@1.16.3
aliases CVE-2022-33140, GHSA-77hf-23pq-2g7c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhjy-xmhq-abh7
Fixing_vulnerabilities
0
url VCID-6xux-6rk7-gygr
vulnerability_id VCID-6xux-6rk7-gygr
summary 
Insufficient Session Expiration
If NiFi Registry to uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to hours after logging out to make API requests to NiFi Registry.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9482
reference_id
reference_type
scores
0
value 0.00923
scoring_system epss
scoring_elements 0.76012
published_at 2026-04-21T12:55:00Z
1
value 0.00923
scoring_system epss
scoring_elements 0.75928
published_at 2026-04-01T12:55:00Z
2
value 0.00923
scoring_system epss
scoring_elements 0.75931
published_at 2026-04-02T12:55:00Z
3
value 0.00923
scoring_system epss
scoring_elements 0.75964
published_at 2026-04-04T12:55:00Z
4
value 0.00923
scoring_system epss
scoring_elements 0.75942
published_at 2026-04-07T12:55:00Z
5
value 0.00923
scoring_system epss
scoring_elements 0.75975
published_at 2026-04-08T12:55:00Z
6
value 0.00923
scoring_system epss
scoring_elements 0.7599
published_at 2026-04-09T12:55:00Z
7
value 0.00923
scoring_system epss
scoring_elements 0.76015
published_at 2026-04-11T12:55:00Z
8
value 0.00923
scoring_system epss
scoring_elements 0.75991
published_at 2026-04-12T12:55:00Z
9
value 0.00923
scoring_system epss
scoring_elements 0.75985
published_at 2026-04-13T12:55:00Z
10
value 0.00923
scoring_system epss
scoring_elements 0.76025
published_at 2026-04-16T12:55:00Z
11
value 0.00923
scoring_system epss
scoring_elements 0.76027
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9482
1
reference_url https://github.com/apache/nifi-registry/commit/2881e29dce3a179f3e56069b82ef8cbb7bd8d85c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi-registry/commit/2881e29dce3a179f3e56069b82ef8cbb7bd8d85c
2
reference_url https://github.com/apache/nifi-registry/pull/259/commits/32f9352465e877d71ad7f85b70f2304ba620e133#diff-a72e640a2c41fe6fe8848066f6a588da2e9e76350bef287d7e145a231042c485
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi-registry/pull/259/commits/32f9352465e877d71ad7f85b70f2304ba620e133#diff-a72e640a2c41fe6fe8848066f6a588da2e9e76350bef287d7e145a231042c485
3
reference_url https://github.com/apache/nifi-registry/pull/277/files/9f7f1c1b1095e3facdaa986435fa94eff78627dd
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi-registry/pull/277/files/9f7f1c1b1095e3facdaa986435fa94eff78627dd
4
reference_url https://nifi.apache.org/registry-security.html#CVE-2020-9482
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/registry-security.html#CVE-2020-9482
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9482
reference_id CVE-2020-9482
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9482
6
reference_url https://github.com/advisories/GHSA-rcwj-2hj2-vmjj
reference_id GHSA-rcwj-2hj2-vmjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcwj-2hj2-vmjj
fixed_packages
0
url pkg:maven/org.apache.nifi.registry/nifi-registry-core@0.7.0
purl pkg:maven/org.apache.nifi.registry/nifi-registry-core@0.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi.registry/nifi-registry-core@0.7.0
aliases CVE-2020-9482, GHSA-rcwj-2hj2-vmjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xux-6rk7-gygr
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi.registry/nifi-registry-core@0.7.0