Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi-jms-processors@1.16.1
Typemaven
Namespaceorg.apache.nifi
Namenifi-jms-processors
Version1.16.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.23.1
Latest_non_vulnerable_version1.23.1
Affected_by_vulnerabilities
0
url VCID-4uja-72yx-6qdc
vulnerability_id VCID-4uja-72yx-6qdc
summary 
Deserialization of Untrusted Data
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.

The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
reference_id
reference_type
scores
0
value 0.00779
scoring_system epss
scoring_elements 0.73667
published_at 2026-04-09T12:55:00Z
1
value 0.00779
scoring_system epss
scoring_elements 0.73654
published_at 2026-04-08T12:55:00Z
2
value 0.00779
scoring_system epss
scoring_elements 0.73716
published_at 2026-04-18T12:55:00Z
3
value 0.00779
scoring_system epss
scoring_elements 0.73707
published_at 2026-04-21T12:55:00Z
4
value 0.00779
scoring_system epss
scoring_elements 0.73663
published_at 2026-04-13T12:55:00Z
5
value 0.00779
scoring_system epss
scoring_elements 0.73672
published_at 2026-04-12T12:55:00Z
6
value 0.00779
scoring_system epss
scoring_elements 0.73689
published_at 2026-04-11T12:55:00Z
7
value 0.00909
scoring_system epss
scoring_elements 0.75748
published_at 2026-04-02T12:55:00Z
8
value 0.00909
scoring_system epss
scoring_elements 0.75759
published_at 2026-04-07T12:55:00Z
9
value 0.00909
scoring_system epss
scoring_elements 0.7578
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
3
reference_url https://github.com/apache/nifi/pull/7313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7313
4
reference_url https://issues.apache.org/jira/browse/NIFI-11614
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11614
5
reference_url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
6
reference_url https://nifi.apache.org/security.html#CVE-2023-34212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://nifi.apache.org/security.html#CVE-2023-34212
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
reference_id CVE-2023-34212
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
9
reference_url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
reference_id GHSA-65wh-g8x8-gm2h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rv8f-q4a4-xqbk
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
aliases CVE-2023-34212, GHSA-65wh-g8x8-gm2h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uja-72yx-6qdc
1
url VCID-rv8f-q4a4-xqbk
vulnerability_id VCID-rv8f-q4a4-xqbk
summary 
Apache NiFi Code Injection vulnerability
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76419
published_at 2026-04-02T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76515
published_at 2026-04-16T12:55:00Z
2
value 0.0096
scoring_system epss
scoring_elements 0.76479
published_at 2026-04-12T12:55:00Z
3
value 0.0096
scoring_system epss
scoring_elements 0.76501
published_at 2026-04-11T12:55:00Z
4
value 0.0096
scoring_system epss
scoring_elements 0.76475
published_at 2026-04-13T12:55:00Z
5
value 0.0096
scoring_system epss
scoring_elements 0.76461
published_at 2026-04-08T12:55:00Z
6
value 0.0096
scoring_system epss
scoring_elements 0.76429
published_at 2026-04-07T12:55:00Z
7
value 0.0096
scoring_system epss
scoring_elements 0.76448
published_at 2026-04-04T12:55:00Z
8
value 0.0096
scoring_system epss
scoring_elements 0.76507
published_at 2026-04-21T12:55:00Z
9
value 0.0096
scoring_system epss
scoring_elements 0.76519
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
1
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://seclists.org/fulldisclosure/2023/Jul/43
2
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
3
reference_url https://github.com/apache/nifi/commit/532578799c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/532578799c
4
reference_url https://issues.apache.org/jira/browse/NIFI-11744
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11744
5
reference_url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
6
reference_url https://nifi.apache.org/security.html#CVE-2023-36542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://nifi.apache.org/security.html#CVE-2023-36542
7
reference_url http://www.openwall.com/lists/oss-security/2023/07/29/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://www.openwall.com/lists/oss-security/2023/07/29/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
reference_id CVE-2023-36542
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
9
reference_url https://github.com/advisories/GHSA-r969-8v3h-23v9
reference_id GHSA-r969-8v3h-23v9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r969-8v3h-23v9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
aliases CVE-2023-36542, GHSA-r969-8v3h-23v9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8f-q4a4-xqbk
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.16.1