Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi-ccda-processors@1.2.0

Type maven

Namespace org.apache.nifi

Name nifi-ccda-processors

Version 1.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.20.0

Latest_non_vulnerable_version 1.20.0

Affected_by_vulnerabilities

url VCID-g74u-zmqj-gyb7

vulnerability_id VCID-g74u-zmqj-gyb7

summary

XML External Entity Reference in Apache NiFi
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22832

reference_id

reference_type

scores

value	0.02041
scoring_system	epss
scoring_elements	0.83866
published_at	2026-04-21T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83783
published_at	2026-04-02T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83797
published_at	2026-04-04T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83798
published_at	2026-04-07T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83822
published_at	2026-04-08T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83828
published_at	2026-04-09T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83844
published_at	2026-04-11T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83837
published_at	2026-04-12T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83833
published_at	2026-04-13T12:55:00Z

value	0.02041
scoring_system	epss
scoring_elements	0.83867
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22832

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8

reference_url

https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/

url

https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w

reference_url

https://nifi.apache.org/security.html#CVE-2023-22832

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/

url

https://nifi.apache.org/security.html#CVE-2023-22832

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22832

reference_id

CVE-2023-22832

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22832

reference_url

https://github.com/advisories/GHSA-hxjp-q6c3-38fx

reference_id

GHSA-hxjp-q6c3-38fx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hxjp-q6c3-38fx

fixed_packages

url	pkg:maven/org.apache.nifi/nifi-ccda-processors@1.20.0
purl	pkg:maven/org.apache.nifi/nifi-ccda-processors@1.20.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-ccda-processors@1.20.0

aliases CVE-2023-22832, GHSA-hxjp-q6c3-38fx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g74u-zmqj-gyb7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-ccda-processors@1.2.0

Package Instance