Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-juu3-g6fp-1qhn
Summary
Incorrect Comparison
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.
Aliases
0
alias CVE-2023-40037
1
alias GHSA-23qf-3jf9-h3q9
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.23.1
purl pkg:maven/org.apache.nifi/nifi@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.1
1
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.23.1
2
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.23.1
3
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
4
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.23.1
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.21.0
purl pkg:maven/org.apache.nifi/nifi@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-juu3-g6fp-1qhn
1
vulnerability VCID-qkvt-fdp4-uyd6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.21.0
1
url pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-juu3-g6fp-1qhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-base@1.21.0
2
url pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-juu3-g6fp-1qhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-api@1.21.0
3
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-juu3-g6fp-1qhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.21.0
4
url pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
purl pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-juu3-g6fp-1qhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-processors@1.21.0
References
0
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
url https://github.com/apache/nifi
1
reference_url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
reference_id
reference_type
scores
url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
2
reference_url https://github.com/apache/nifi/pull/7586
reference_id
reference_type
scores
url https://github.com/apache/nifi/pull/7586
3
reference_url https://issues.apache.org/jira/browse/NIFI-11920
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/NIFI-11920
4
reference_url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
reference_id
reference_type
scores
url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
5
reference_url https://nifi.apache.org/security.html#CVE-2023-40037
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2023-40037
6
reference_url http://www.openwall.com/lists/oss-security/2023/08/18/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/08/18/2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
reference_id CVE-2023-40037
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
8
reference_url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
reference_id GHSA-23qf-3jf9-h3q9
reference_type
scores
url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 697
name Incorrect Comparison
description The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 184
name Incomplete List of Disallowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-juu3-g6fp-1qhn