Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi@0.0.1
Typemaven
Namespaceorg.apache.nifi
Namenifi
Version0.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.24.0
Latest_non_vulnerable_version1.24.0
Affected_by_vulnerabilities
0
url VCID-jmcf-m398-pqec
vulnerability_id VCID-jmcf-m398-pqec
summary 
Improper Restriction of XML External Entity Reference
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - `EvaluateXPath` - `EvaluateXQuery` - `ValidateXml` Apache NiFi flow configurations that include these Processors is vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
reference_id
reference_type
scores
0
value 0.0212
scoring_system epss
scoring_elements 0.84449
published_at 2026-06-04T12:55:00Z
1
value 0.0212
scoring_system epss
scoring_elements 0.84469
published_at 2026-06-07T12:55:00Z
2
value 0.0212
scoring_system epss
scoring_elements 0.84476
published_at 2026-06-06T12:55:00Z
3
value 0.0212
scoring_system epss
scoring_elements 0.84473
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
3
reference_url https://nifi.apache.org/security.html#CVE-2022-29265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-29265
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
reference_id CVE-2022-29265
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
5
reference_url https://github.com/advisories/GHSA-wc97-7623-rxwx
reference_id GHSA-wc97-7623-rxwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc97-7623-rxwx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.1
purl pkg:maven/org.apache.nifi/nifi@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-grt2-a9zv-gkck
1
vulnerability VCID-jwv9-rx8x-jkf3
2
vulnerability VCID-mm3u-4acx-e3hj
3
vulnerability VCID-qkvt-fdp4-uyd6
4
vulnerability VCID-u3p9-su6e-efbw
5
vulnerability VCID-uwnc-5qk4-eqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1
aliases CVE-2022-29265, GHSA-wc97-7623-rxwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmcf-m398-pqec
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.0.1