Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.0
Typemaven
Namespaceorg.apache.nifi
Namenifi-dbcp-base
Version1.23.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.23.1
Latest_non_vulnerable_version1.23.1
Affected_by_vulnerabilities
0
url VCID-ues1-6z47-q7hc
vulnerability_id VCID-ues1-6z47-q7hc
summary 
Incorrect Comparison
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40037
reference_id
reference_type
scores
0
value 0.01261
scoring_system epss
scoring_elements 0.79378
published_at 2026-04-02T12:55:00Z
1
value 0.01261
scoring_system epss
scoring_elements 0.79452
published_at 2026-04-21T12:55:00Z
2
value 0.01261
scoring_system epss
scoring_elements 0.79449
published_at 2026-04-18T12:55:00Z
3
value 0.01261
scoring_system epss
scoring_elements 0.79451
published_at 2026-04-16T12:55:00Z
4
value 0.01261
scoring_system epss
scoring_elements 0.7942
published_at 2026-04-13T12:55:00Z
5
value 0.01261
scoring_system epss
scoring_elements 0.79431
published_at 2026-04-12T12:55:00Z
6
value 0.01261
scoring_system epss
scoring_elements 0.79447
published_at 2026-04-11T12:55:00Z
7
value 0.01261
scoring_system epss
scoring_elements 0.79388
published_at 2026-04-07T12:55:00Z
8
value 0.01261
scoring_system epss
scoring_elements 0.794
published_at 2026-04-04T12:55:00Z
9
value 0.01261
scoring_system epss
scoring_elements 0.79424
published_at 2026-04-09T12:55:00Z
10
value 0.01261
scoring_system epss
scoring_elements 0.79415
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40037
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
3
reference_url https://github.com/apache/nifi/pull/7586
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7586
4
reference_url https://issues.apache.org/jira/browse/NIFI-11920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11920
5
reference_url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
6
reference_url https://nifi.apache.org/security.html#CVE-2023-40037
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url https://nifi.apache.org/security.html#CVE-2023-40037
7
reference_url http://www.openwall.com/lists/oss-security/2023/08/18/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url http://www.openwall.com/lists/oss-security/2023/08/18/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
reference_id CVE-2023-40037
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
9
reference_url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
reference_id GHSA-23qf-3jf9-h3q9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
aliases CVE-2023-40037, GHSA-23qf-3jf9-h3q9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ues1-6z47-q7hc
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.0