Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-njrw-f5mw-7yey

Summary

Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration.

Aliases

alias	CVE-2024-52067

alias	GHSA-v3vc-6qcv-4vrx

Fixed_packages

url pkg:maven/org.apache.nifi/nifi-framework-core@1.28.1

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.28.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.28.1

url pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0

Affected_packages

url pkg:maven/org.apache.nifi/nifi-framework-core@1.16.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.16.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.16.1

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.16.1

url pkg:maven/org.apache.nifi/nifi-framework-core@1.16.2

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.16.2

url pkg:maven/org.apache.nifi/nifi-framework-core@1.16.3

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.16.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.16.3

url pkg:maven/org.apache.nifi/nifi-framework-core@1.17.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.17.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.18.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.18.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.19.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.19.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.19.1

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.19.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.19.1

url pkg:maven/org.apache.nifi/nifi-framework-core@1.20.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.20.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.21.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.21.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.21.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.22.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.22.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.22.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.23.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.23.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.23.1

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.23.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.23.1

url pkg:maven/org.apache.nifi/nifi-framework-core@1.23.2

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.23.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.23.2

url pkg:maven/org.apache.nifi/nifi-framework-core@1.24.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.24.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.25.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.25.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.26.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.26.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.26.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.27.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.27.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.27.0

url pkg:maven/org.apache.nifi/nifi-framework-core@1.28.0

purl pkg:maven/org.apache.nifi/nifi-framework-core@1.28.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@1.28.0

url pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M1

purl pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M1

url pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M2

purl pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M2

url pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M3

purl pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M3

url pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M4

purl pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eme-vjmz-5fen

vulnerability	VCID-njrw-f5mw-7yey

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-framework-core@2.0.0-M4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52067

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.0759
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07643
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07625
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07566
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07549
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10949
published_at	2026-04-21T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10817
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10953
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10976
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1083
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52067

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/5aed878c5d2a193cd2039c2e997bc3025046bc41

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/5aed878c5d2a193cd2039c2e997bc3025046bc41

reference_url

https://github.com/apache/nifi/commit/c1108365949268631526d5016b1a163a82f8e9df

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/c1108365949268631526d5016b1a163a82f8e9df

reference_url

https://issues.apache.org/jira/browse/NIFI-13971

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-13971

reference_url

https://lists.apache.org/thread/9rz5rwn2zc7pfjq7ppqldqlc067tlcwd

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:37:08Z/

url

https://lists.apache.org/thread/9rz5rwn2zc7pfjq7ppqldqlc067tlcwd

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52067

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52067

reference_url

http://www.openwall.com/lists/oss-security/2024/11/20/2

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/11/20/2

reference_url

https://github.com/advisories/GHSA-v3vc-6qcv-4vrx

reference_id

GHSA-v3vc-6qcv-4vrx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v3vc-6qcv-4vrx

Weaknesses

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njrw-f5mw-7yey

Vulnerability Instance