Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-y1sd-wp8g-afcn
Summary
Cross-Site Request Forgery (CSRF)
The template upload API endpoint accepts requests from a different domain when sent in conjunction with an ARP spoofing + man-in-the-middle (MiTM) attack, resulting in a CSRF attack.
Aliases
0
alias CVE-2018-17195
1
alias GHSA-3jq8-jg75-rqv6
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.8.0
purl pkg:maven/org.apache.nifi/nifi@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qkvt-fdp4-uyd6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.8.0
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.0.0
purl pkg:maven/org.apache.nifi/nifi@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-bgn1-6ac8-53b2
5
vulnerability VCID-bj2c-k1hr-nycy
6
vulnerability VCID-cqqh-wp8z-jua2
7
vulnerability VCID-e3tg-8rmu-9ucb
8
vulnerability VCID-gxag-kxb4-n7ge
9
vulnerability VCID-jnfq-u9wb-k7dq
10
vulnerability VCID-ty4z-t2su-muc6
11
vulnerability VCID-uxfk-98ce-hfe8
12
vulnerability VCID-y1sd-wp8g-afcn
13
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.0
1
url pkg:maven/org.apache.nifi/nifi@1.0.1
purl pkg:maven/org.apache.nifi/nifi@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-cqqh-wp8z-jua2
5
vulnerability VCID-e3tg-8rmu-9ucb
6
vulnerability VCID-jnfq-u9wb-k7dq
7
vulnerability VCID-ty4z-t2su-muc6
8
vulnerability VCID-uxfk-98ce-hfe8
9
vulnerability VCID-y1sd-wp8g-afcn
10
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.1
2
url pkg:maven/org.apache.nifi/nifi@1.1.0
purl pkg:maven/org.apache.nifi/nifi@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-8ybn-5kck-d7fz
4
vulnerability VCID-cqqh-wp8z-jua2
5
vulnerability VCID-e3tg-8rmu-9ucb
6
vulnerability VCID-jnfq-u9wb-k7dq
7
vulnerability VCID-m99c-5n4v-w7ec
8
vulnerability VCID-r6wb-vjgp-tubn
9
vulnerability VCID-ty4z-t2su-muc6
10
vulnerability VCID-uxfk-98ce-hfe8
11
vulnerability VCID-y1sd-wp8g-afcn
12
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.0
3
url pkg:maven/org.apache.nifi/nifi@1.1.1
purl pkg:maven/org.apache.nifi/nifi@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-cqqh-wp8z-jua2
4
vulnerability VCID-e3tg-8rmu-9ucb
5
vulnerability VCID-jnfq-u9wb-k7dq
6
vulnerability VCID-m99c-5n4v-w7ec
7
vulnerability VCID-r6wb-vjgp-tubn
8
vulnerability VCID-ty4z-t2su-muc6
9
vulnerability VCID-uxfk-98ce-hfe8
10
vulnerability VCID-y1sd-wp8g-afcn
11
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1
4
url pkg:maven/org.apache.nifi/nifi@1.1.2
purl pkg:maven/org.apache.nifi/nifi@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-cqqh-wp8z-jua2
4
vulnerability VCID-e3tg-8rmu-9ucb
5
vulnerability VCID-jnfq-u9wb-k7dq
6
vulnerability VCID-ty4z-t2su-muc6
7
vulnerability VCID-uxfk-98ce-hfe8
8
vulnerability VCID-y1sd-wp8g-afcn
9
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2
5
url pkg:maven/org.apache.nifi/nifi@1.2.0
purl pkg:maven/org.apache.nifi/nifi@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-5yn9-8juq-mkd9
3
vulnerability VCID-cqqh-wp8z-jua2
4
vulnerability VCID-e3tg-8rmu-9ucb
5
vulnerability VCID-grt2-a9zv-gkck
6
vulnerability VCID-jnfq-u9wb-k7dq
7
vulnerability VCID-ty4z-t2su-muc6
8
vulnerability VCID-uxfk-98ce-hfe8
9
vulnerability VCID-y1sd-wp8g-afcn
10
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.2.0
6
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-babh-856u-5qcj
3
vulnerability VCID-cqqh-wp8z-jua2
4
vulnerability VCID-e3tg-8rmu-9ucb
5
vulnerability VCID-g7v6-tmrk-tuer
6
vulnerability VCID-jnfq-u9wb-k7dq
7
vulnerability VCID-uxfk-98ce-hfe8
8
vulnerability VCID-y1sd-wp8g-afcn
9
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
7
url pkg:maven/org.apache.nifi/nifi@1.4.0
purl pkg:maven/org.apache.nifi/nifi@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ps4-jf7z-nqf1
1
vulnerability VCID-49kq-6d3w-1ufx
2
vulnerability VCID-cqqh-wp8z-jua2
3
vulnerability VCID-jnfq-u9wb-k7dq
4
vulnerability VCID-uxfk-98ce-hfe8
5
vulnerability VCID-y1sd-wp8g-afcn
6
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0
8
url pkg:maven/org.apache.nifi/nifi@1.5.0
purl pkg:maven/org.apache.nifi/nifi@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49kq-6d3w-1ufx
1
vulnerability VCID-uxfk-98ce-hfe8
2
vulnerability VCID-y1sd-wp8g-afcn
3
vulnerability VCID-y5yt-6b5k-6yar
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0
9
url pkg:maven/org.apache.nifi/nifi@1.6.0
purl pkg:maven/org.apache.nifi/nifi@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49kq-6d3w-1ufx
1
vulnerability VCID-uxfk-98ce-hfe8
2
vulnerability VCID-y1sd-wp8g-afcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.6.0
10
url pkg:maven/org.apache.nifi/nifi@1.7.0
purl pkg:maven/org.apache.nifi/nifi@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7t7w-fq26-auc7
1
vulnerability VCID-uxfk-98ce-hfe8
2
vulnerability VCID-y1sd-wp8g-afcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.7.0
11
url pkg:maven/org.apache.nifi/nifi@1.7.1
purl pkg:maven/org.apache.nifi/nifi@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uxfk-98ce-hfe8
1
vulnerability VCID-y1sd-wp8g-afcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.7.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17195
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58718
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17195
1
reference_url https://github.com/advisories/GHSA-3jq8-jg75-rqv6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3jq8-jg75-rqv6
2
reference_url https://github.com/apache/nifi/commit/246c090526143943557b15868db6e8fe3fb30cf6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/246c090526143943557b15868db6e8fe3fb30cf6
3
reference_url https://issues.apache.org/jira/browse/NIFI-5595
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-5595
4
reference_url https://nifi.apache.org/security.html#CVE-2018-17195
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2018-17195
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17195
reference_id CVE-2018-17195
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17195
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 319
name Cleartext Transmission of Sensitive Information
description The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
2
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1sd-wp8g-afcn