Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53687?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53687?format=api", "purl": "pkg:maven/org.apache.nifi/nifi@1.2.0", "type": "maven", "namespace": "org.apache.nifi", "name": "nifi", "version": "1.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.5.0", "latest_non_vulnerable_version": "1.24.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38647?format=api", "vulnerability_id": "VCID-5yn9-8juq-mkd9", "summary": "Cross-site Scripting\nThere are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/99009", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7665", "reference_id": "CVE-2017-7665", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7665" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53689?format=api", "purl": "pkg:maven/org.apache.nifi/nifi@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3tg-8rmu-9ucb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0" } ], "aliases": [ "CVE-2017-7665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yn9-8juq-mkd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39012?format=api", "vulnerability_id": "VCID-e3tg-8rmu-9ucb", "summary": "Improper Restriction of XML External Entity Reference\nAn authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity.", "references": [ { "reference_url": "https://nifi.apache.org/security.html#CVE-2017-12623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nifi.apache.org/security.html#CVE-2017-12623" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12623", "reference_id": "CVE-2017-12623", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12623" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54418?format=api", "purl": "pkg:maven/org.apache.nifi/nifi@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ps4-jf7z-nqf1" }, { "vulnerability": "VCID-cqqh-wp8z-jua2" }, { "vulnerability": "VCID-jnfq-u9wb-k7dq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0" } ], "aliases": [ "CVE-2017-12623" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3tg-8rmu-9ucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44412?format=api", "vulnerability_id": "VCID-grt2-a9zv-gkck", "summary": "XML External Entity Reference in Apache NiFi\nThe ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.", "references": [ { "reference_url": "https://github.com/apache/nifi", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/nifi" }, { "reference_url": "https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8" }, { "reference_url": "https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w" }, { "reference_url": "https://nifi.apache.org/security.html#CVE-2023-22832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nifi.apache.org/security.html#CVE-2023-22832" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22832", "reference_id": "CVE-2023-22832", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22832" }, { "reference_url": "https://github.com/advisories/GHSA-hxjp-q6c3-38fx", "reference_id": "GHSA-hxjp-q6c3-38fx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hxjp-q6c3-38fx" } ], "fixed_packages": [], "aliases": [ "CVE-2023-22832", "GHSA-hxjp-q6c3-38fx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grt2-a9zv-gkck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38649?format=api", "vulnerability_id": "VCID-ty4z-t2su-muc6", "summary": "Origin Validation Error\nApache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/99018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7667", "reference_id": "CVE-2017-7667", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7667" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53689?format=api", "purl": "pkg:maven/org.apache.nifi/nifi@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3tg-8rmu-9ucb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0" } ], "aliases": [ "CVE-2017-7667" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ty4z-t2su-muc6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.2.0" }