Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ues1-6z47-q7hc
Summary
Incorrect Comparison
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.
Aliases
0
alias CVE-2023-40037
1
alias GHSA-23qf-3jf9-h3q9
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.23.1
purl pkg:maven/org.apache.nifi/nifi@1.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.1
1
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
2
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
3
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
4
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.21.0
purl pkg:maven/org.apache.nifi/nifi@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-hy35-v2p5-2ycq
3
vulnerability VCID-rv8f-q4a4-xqbk
4
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.21.0
1
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-rv8f-q4a4-xqbk
2
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
2
url pkg:maven/org.apache.nifi/nifi@1.23.0
purl pkg:maven/org.apache.nifi/nifi@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hy35-v2p5-2ycq
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.0
3
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
4
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.22.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.22.0
5
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.0
6
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
7
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.22.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.22.0
8
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.0
9
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
10
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.22.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.22.0
11
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.0
12
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uja-72yx-6qdc
1
vulnerability VCID-rv8f-q4a4-xqbk
2
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
13
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rv8f-q4a4-xqbk
1
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.22.0
14
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ues1-6z47-q7hc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40037
reference_id
reference_type
scores
0
value 0.01261
scoring_system epss
scoring_elements 0.79378
published_at 2026-04-02T12:55:00Z
1
value 0.01261
scoring_system epss
scoring_elements 0.79452
published_at 2026-04-21T12:55:00Z
2
value 0.01261
scoring_system epss
scoring_elements 0.79449
published_at 2026-04-18T12:55:00Z
3
value 0.01261
scoring_system epss
scoring_elements 0.79451
published_at 2026-04-16T12:55:00Z
4
value 0.01261
scoring_system epss
scoring_elements 0.7942
published_at 2026-04-13T12:55:00Z
5
value 0.01261
scoring_system epss
scoring_elements 0.79431
published_at 2026-04-12T12:55:00Z
6
value 0.01261
scoring_system epss
scoring_elements 0.79447
published_at 2026-04-11T12:55:00Z
7
value 0.01261
scoring_system epss
scoring_elements 0.79388
published_at 2026-04-07T12:55:00Z
8
value 0.01261
scoring_system epss
scoring_elements 0.794
published_at 2026-04-04T12:55:00Z
9
value 0.01261
scoring_system epss
scoring_elements 0.79424
published_at 2026-04-09T12:55:00Z
10
value 0.01261
scoring_system epss
scoring_elements 0.79415
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40037
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
3
reference_url https://github.com/apache/nifi/pull/7586
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7586
4
reference_url https://issues.apache.org/jira/browse/NIFI-11920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11920
5
reference_url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
6
reference_url https://nifi.apache.org/security.html#CVE-2023-40037
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url https://nifi.apache.org/security.html#CVE-2023-40037
7
reference_url http://www.openwall.com/lists/oss-security/2023/08/18/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:06:15Z/
url http://www.openwall.com/lists/oss-security/2023/08/18/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
reference_id CVE-2023-40037
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
9
reference_url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
reference_id GHSA-23qf-3jf9-h3q9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 697
name Incorrect Comparison
description The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 184
name Incomplete List of Disallowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ues1-6z47-q7hc