Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi@0.0.1
Type maven
Namespace org.apache.nifi
Name nifi
Version 0.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.24.0
Latest_non_vulnerable_version 1.24.0
Affected_by_vulnerabilities
0
url VCID-bpqd-tx8f-kycf
vulnerability_id VCID-bpqd-tx8f-kycf
summary
Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values:
- `EvaluateXPath`
- `EvaluateXQuery`
- `ValidateXml`
Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
reference_id
reference_type
scores
0
value 0.0212
scoring_system epss
scoring_elements 0.84164
published_at 2026-04-21T12:55:00Z
1
value 0.0212
scoring_system epss
scoring_elements 0.84098
published_at 2026-04-04T12:55:00Z
2
value 0.0212
scoring_system epss
scoring_elements 0.841
published_at 2026-04-07T12:55:00Z
3
value 0.0212
scoring_system epss
scoring_elements 0.84123
published_at 2026-04-08T12:55:00Z
4
value 0.0212
scoring_system epss
scoring_elements 0.84129
published_at 2026-04-09T12:55:00Z
5
value 0.0212
scoring_system epss
scoring_elements 0.84146
published_at 2026-04-11T12:55:00Z
6
value 0.0212
scoring_system epss
scoring_elements 0.84141
published_at 2026-04-12T12:55:00Z
7
value 0.0212
scoring_system epss
scoring_elements 0.84136
published_at 2026-04-13T12:55:00Z
8
value 0.0212
scoring_system epss
scoring_elements 0.84159
published_at 2026-04-16T12:55:00Z
9
value 0.0212
scoring_system epss
scoring_elements 0.8416
published_at 2026-04-18T12:55:00Z
10
value 0.0212
scoring_system epss
scoring_elements 0.84081
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
3
reference_url https://nifi.apache.org/security.html#CVE-2022-29265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-29265
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
reference_id CVE-2022-29265
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
5
reference_url https://github.com/advisories/GHSA-wc97-7623-rxwx
reference_id GHSA-wc97-7623-rxwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc97-7623-rxwx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.1
purl pkg:maven/org.apache.nifi/nifi@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-g74u-zmqj-gyb7
3
vulnerability VCID-hy35-v2p5-2ycq
4
vulnerability VCID-rv8f-q4a4-xqbk
5
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1
aliases CVE-2022-29265, GHSA-wc97-7623-rxwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpqd-tx8f-kycf
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.0.1