Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi@1.1.1
Typemaven
Namespaceorg.apache.nifi
Namenifi
Version1.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.5.0
Latest_non_vulnerable_version1.24.0
Affected_by_vulnerabilities
0
url VCID-m99c-5n4v-w7ec
vulnerability_id VCID-m99c-5n4v-w7ec
summary 
Injection Vulnerability
The proxy chain `serialization/deserialization` is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
references
0
reference_url https://nifi.apache.org/security.html#CVE-2017-5636
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2017-5636
1
reference_url http://www.securityfocus.com/bid/96731
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96731
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5636
reference_id CVE-2017-5636
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5636
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.1.2
purl pkg:maven/org.apache.nifi/nifi@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5yn9-8juq-mkd9
1
vulnerability VCID-e3tg-8rmu-9ucb
2
vulnerability VCID-ty4z-t2su-muc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2
aliases CVE-2017-5636
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m99c-5n4v-w7ec
1
url VCID-r6wb-vjgp-tubn
vulnerability_id VCID-r6wb-vjgp-tubn
summary 
Improper Authentication
If an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
references
0
reference_url https://nifi.apache.org/security.html#CVE-2017-5635
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2017-5635
1
reference_url http://www.securityfocus.com/bid/96730
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96730
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5635
reference_id CVE-2017-5635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5635
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.1.2
purl pkg:maven/org.apache.nifi/nifi@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5yn9-8juq-mkd9
1
vulnerability VCID-e3tg-8rmu-9ucb
2
vulnerability VCID-ty4z-t2su-muc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2
aliases CVE-2017-5635
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6wb-vjgp-tubn
Fixing_vulnerabilities
0
url VCID-8ybn-5kck-d7fz
vulnerability_id VCID-8ybn-5kck-d7fz
summary 
Cross-site Scripting
In Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
references
0
reference_url https://nifi.apache.org/security.html#CVE-2016-8748
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2016-8748
1
reference_url http://www.securityfocus.com/bid/95621
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95621
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8748
reference_id CVE-2016-8748
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8748
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.1.1
purl pkg:maven/org.apache.nifi/nifi@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m99c-5n4v-w7ec
1
vulnerability VCID-r6wb-vjgp-tubn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1
aliases CVE-2016-8748
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ybn-5kck-d7fz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1