Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-e3tg-8rmu-9ucb
Summary
Improper Restriction of XML External Entity Reference
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity.
Aliases
0
alias CVE-2017-12623
1
alias GHSA-qj7f-j6h9-g5rq
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.4.0
purl pkg:maven/org.apache.nifi/nifi@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-babh-856u-5qcj
3
vulnerability VCID-bgn1-6ac8-53b2
4
vulnerability VCID-bj2c-k1hr-nycy
5
vulnerability VCID-cqqh-wp8z-jua2
6
vulnerability VCID-g7v6-tmrk-tuer
7
vulnerability VCID-grt2-a9zv-gkck
8
vulnerability VCID-gxag-kxb4-n7ge
9
vulnerability VCID-jmcf-m398-pqec
10
vulnerability VCID-jnfq-u9wb-k7dq
11
vulnerability VCID-mm3u-4acx-e3hj
12
vulnerability VCID-n9ad-a71z-vfeh
13
vulnerability VCID-u3p9-su6e-efbw
14
vulnerability VCID-uwnc-5qk4-eqgw
15
vulnerability VCID-uxfk-98ce-hfe8
16
vulnerability VCID-y1sd-wp8g-afcn
17
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.0.0
purl pkg:maven/org.apache.nifi/nifi@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-ae8p-8yge-xbbs
5
vulnerability VCID-bgn1-6ac8-53b2
6
vulnerability VCID-bj2c-k1hr-nycy
7
vulnerability VCID-cqqh-wp8z-jua2
8
vulnerability VCID-e3tg-8rmu-9ucb
9
vulnerability VCID-gxag-kxb4-n7ge
10
vulnerability VCID-jmcf-m398-pqec
11
vulnerability VCID-jnfq-u9wb-k7dq
12
vulnerability VCID-mm3u-4acx-e3hj
13
vulnerability VCID-n9ad-a71z-vfeh
14
vulnerability VCID-ty4z-t2su-muc6
15
vulnerability VCID-u3p9-su6e-efbw
16
vulnerability VCID-uwnc-5qk4-eqgw
17
vulnerability VCID-uxfk-98ce-hfe8
18
vulnerability VCID-y1sd-wp8g-afcn
19
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.0
1
url pkg:maven/org.apache.nifi/nifi@1.0.1
purl pkg:maven/org.apache.nifi/nifi@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-bgn1-6ac8-53b2
5
vulnerability VCID-bj2c-k1hr-nycy
6
vulnerability VCID-cqqh-wp8z-jua2
7
vulnerability VCID-e3tg-8rmu-9ucb
8
vulnerability VCID-gxag-kxb4-n7ge
9
vulnerability VCID-jmcf-m398-pqec
10
vulnerability VCID-jnfq-u9wb-k7dq
11
vulnerability VCID-mm3u-4acx-e3hj
12
vulnerability VCID-n9ad-a71z-vfeh
13
vulnerability VCID-ty4z-t2su-muc6
14
vulnerability VCID-u3p9-su6e-efbw
15
vulnerability VCID-uwnc-5qk4-eqgw
16
vulnerability VCID-uxfk-98ce-hfe8
17
vulnerability VCID-y1sd-wp8g-afcn
18
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.1
2
url pkg:maven/org.apache.nifi/nifi@1.1.0
purl pkg:maven/org.apache.nifi/nifi@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-bgn1-6ac8-53b2
5
vulnerability VCID-bj2c-k1hr-nycy
6
vulnerability VCID-cqqh-wp8z-jua2
7
vulnerability VCID-e3tg-8rmu-9ucb
8
vulnerability VCID-gxag-kxb4-n7ge
9
vulnerability VCID-jmcf-m398-pqec
10
vulnerability VCID-jnfq-u9wb-k7dq
11
vulnerability VCID-m99c-5n4v-w7ec
12
vulnerability VCID-mm3u-4acx-e3hj
13
vulnerability VCID-n9ad-a71z-vfeh
14
vulnerability VCID-r6wb-vjgp-tubn
15
vulnerability VCID-ty4z-t2su-muc6
16
vulnerability VCID-u3p9-su6e-efbw
17
vulnerability VCID-uwnc-5qk4-eqgw
18
vulnerability VCID-uxfk-98ce-hfe8
19
vulnerability VCID-y1sd-wp8g-afcn
20
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.0
3
url pkg:maven/org.apache.nifi/nifi@1.1.1
purl pkg:maven/org.apache.nifi/nifi@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-bgn1-6ac8-53b2
4
vulnerability VCID-bj2c-k1hr-nycy
5
vulnerability VCID-cqqh-wp8z-jua2
6
vulnerability VCID-e3tg-8rmu-9ucb
7
vulnerability VCID-gxag-kxb4-n7ge
8
vulnerability VCID-jmcf-m398-pqec
9
vulnerability VCID-jnfq-u9wb-k7dq
10
vulnerability VCID-m99c-5n4v-w7ec
11
vulnerability VCID-mm3u-4acx-e3hj
12
vulnerability VCID-n9ad-a71z-vfeh
13
vulnerability VCID-r6wb-vjgp-tubn
14
vulnerability VCID-ty4z-t2su-muc6
15
vulnerability VCID-u3p9-su6e-efbw
16
vulnerability VCID-uwnc-5qk4-eqgw
17
vulnerability VCID-uxfk-98ce-hfe8
18
vulnerability VCID-y1sd-wp8g-afcn
19
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1
4
url pkg:maven/org.apache.nifi/nifi@1.1.2
purl pkg:maven/org.apache.nifi/nifi@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-bgn1-6ac8-53b2
4
vulnerability VCID-bj2c-k1hr-nycy
5
vulnerability VCID-cqqh-wp8z-jua2
6
vulnerability VCID-e3tg-8rmu-9ucb
7
vulnerability VCID-gxag-kxb4-n7ge
8
vulnerability VCID-jmcf-m398-pqec
9
vulnerability VCID-jnfq-u9wb-k7dq
10
vulnerability VCID-mm3u-4acx-e3hj
11
vulnerability VCID-n9ad-a71z-vfeh
12
vulnerability VCID-ty4z-t2su-muc6
13
vulnerability VCID-u3p9-su6e-efbw
14
vulnerability VCID-uwnc-5qk4-eqgw
15
vulnerability VCID-uxfk-98ce-hfe8
16
vulnerability VCID-y1sd-wp8g-afcn
17
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2
5
url pkg:maven/org.apache.nifi/nifi@1.2.0
purl pkg:maven/org.apache.nifi/nifi@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-bgn1-6ac8-53b2
4
vulnerability VCID-bj2c-k1hr-nycy
5
vulnerability VCID-cqqh-wp8z-jua2
6
vulnerability VCID-e3tg-8rmu-9ucb
7
vulnerability VCID-grt2-a9zv-gkck
8
vulnerability VCID-gxag-kxb4-n7ge
9
vulnerability VCID-jmcf-m398-pqec
10
vulnerability VCID-jnfq-u9wb-k7dq
11
vulnerability VCID-mm3u-4acx-e3hj
12
vulnerability VCID-n9ad-a71z-vfeh
13
vulnerability VCID-ty4z-t2su-muc6
14
vulnerability VCID-u3p9-su6e-efbw
15
vulnerability VCID-uwnc-5qk4-eqgw
16
vulnerability VCID-uxfk-98ce-hfe8
17
vulnerability VCID-y1sd-wp8g-afcn
18
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.2.0
6
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-babh-856u-5qcj
3
vulnerability VCID-bgn1-6ac8-53b2
4
vulnerability VCID-bj2c-k1hr-nycy
5
vulnerability VCID-cqqh-wp8z-jua2
6
vulnerability VCID-e3tg-8rmu-9ucb
7
vulnerability VCID-g7v6-tmrk-tuer
8
vulnerability VCID-grt2-a9zv-gkck
9
vulnerability VCID-gxag-kxb4-n7ge
10
vulnerability VCID-jmcf-m398-pqec
11
vulnerability VCID-jnfq-u9wb-k7dq
12
vulnerability VCID-mm3u-4acx-e3hj
13
vulnerability VCID-n9ad-a71z-vfeh
14
vulnerability VCID-u3p9-su6e-efbw
15
vulnerability VCID-uwnc-5qk4-eqgw
16
vulnerability VCID-uxfk-98ce-hfe8
17
vulnerability VCID-y1sd-wp8g-afcn
18
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12623
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.5354
published_at 2026-06-04T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53607
published_at 2026-06-06T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53598
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12623
1
reference_url https://nifi.apache.org/security.html#CVE-2017-12623
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2017-12623
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12623
reference_id CVE-2017-12623
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12623
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 611
name Improper Restriction of XML External Entity Reference
description The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-e3tg-8rmu-9ucb