Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi@1.2.0
Type maven
Namespace org.apache.nifi
Name nifi
Version 1.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.5.0
Latest_non_vulnerable_version 1.24.0
Affected_by_vulnerabilities
0
url VCID-5yn9-8juq-mkd9
vulnerability_id VCID-5yn9-8juq-mkd9
summary
Cross-site Scripting
There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
references
0
reference_url http://www.securityfocus.com/bid/99009
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99009
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7665
reference_id CVE-2017-7665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7665
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e3tg-8rmu-9ucb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
aliases CVE-2017-7665
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yn9-8juq-mkd9
1
url VCID-e3tg-8rmu-9ucb
vulnerability_id VCID-e3tg-8rmu-9ucb
summary
Improper Restriction of XML External Entity Reference
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity.
references
0
reference_url https://nifi.apache.org/security.html#CVE-2017-12623
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2017-12623
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12623
reference_id CVE-2017-12623
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12623
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.4.0
purl pkg:maven/org.apache.nifi/nifi@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-cqqh-wp8z-jua2
2
vulnerability VCID-jnfq-u9wb-k7dq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0
aliases CVE-2017-12623
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3tg-8rmu-9ucb
2
url VCID-grt2-a9zv-gkck
vulnerability_id VCID-grt2-a9zv-gkck
summary
XML External Entity Reference in Apache NiFi
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
references
0
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
url https://github.com/apache/nifi
1
reference_url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
reference_id
reference_type
scores
url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
2
reference_url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
reference_id
reference_type
scores
url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
3
reference_url https://nifi.apache.org/security.html#CVE-2023-22832
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2023-22832
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
reference_id CVE-2023-22832
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
5
reference_url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
reference_id GHSA-hxjp-q6c3-38fx
reference_type
scores
url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
fixed_packages
aliases CVE-2023-22832, GHSA-hxjp-q6c3-38fx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-grt2-a9zv-gkck
3
url VCID-ty4z-t2su-muc6
vulnerability_id VCID-ty4z-t2su-muc6
summary
Origin Validation Error
Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.
references
0
reference_url http://www.securityfocus.com/bid/99018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99018
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7667
reference_id CVE-2017-7667
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7667
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e3tg-8rmu-9ucb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
aliases CVE-2017-7667
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty4z-t2su-muc6
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.2.0