Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-rj21-6d19-gqbe
SummaryThe X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Aliases
0
alias CVE-2018-17192
1
alias GHSA-2xpp-75vr-22vq
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.7.0
purl pkg:maven/org.apache.nifi/nifi@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-ec58-s3nd-7yaz
8
vulnerability VCID-g74u-zmqj-gyb7
9
vulnerability VCID-gqjq-sbf1-x7ew
10
vulnerability VCID-hy35-v2p5-2ycq
11
vulnerability VCID-rn4r-36ab-sfey
12
vulnerability VCID-rv8f-q4a4-xqbk
13
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.7.0
1
url pkg:maven/org.apache.nifi/nifi@1.8.0
purl pkg:maven/org.apache.nifi/nifi@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ema-4jrp-3kfr
1
vulnerability VCID-3eka-p4cs-f3dz
2
vulnerability VCID-4uja-72yx-6qdc
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-bppj-knks-jybe
5
vulnerability VCID-bpqd-tx8f-kycf
6
vulnerability VCID-ec58-s3nd-7yaz
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-rn4r-36ab-sfey
11
vulnerability VCID-rv8f-q4a4-xqbk
12
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.8.0
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.0.0
purl pkg:maven/org.apache.nifi/nifi@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hne-dn7f-4yfy
1
vulnerability VCID-2dsr-hras-zudk
2
vulnerability VCID-2ema-4jrp-3kfr
3
vulnerability VCID-3eka-p4cs-f3dz
4
vulnerability VCID-3rp1-pc25-euhm
5
vulnerability VCID-4fnm-bxv8-vqhz
6
vulnerability VCID-6mt2-4tn4-5bcb
7
vulnerability VCID-bppj-knks-jybe
8
vulnerability VCID-bpqd-tx8f-kycf
9
vulnerability VCID-cg2v-phw4-ake2
10
vulnerability VCID-gqjq-sbf1-x7ew
11
vulnerability VCID-hy35-v2p5-2ycq
12
vulnerability VCID-j263-1hyr-t7hn
13
vulnerability VCID-k1bm-1u7b-vybp
14
vulnerability VCID-r9su-47z6-x7cw
15
vulnerability VCID-rj21-6d19-gqbe
16
vulnerability VCID-rjau-hbsn-u3ah
17
vulnerability VCID-rn4r-36ab-sfey
18
vulnerability VCID-rv8f-q4a4-xqbk
19
vulnerability VCID-tnfn-2kzc-rugx
20
vulnerability VCID-w18h-3c8s-s3eq
21
vulnerability VCID-xv8d-3nef-dygg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.0
1
url pkg:maven/org.apache.nifi/nifi@1.0.1
purl pkg:maven/org.apache.nifi/nifi@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-4fnm-bxv8-vqhz
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-r9su-47z6-x7cw
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-tnfn-2kzc-rugx
18
vulnerability VCID-w18h-3c8s-s3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.0.1
2
url pkg:maven/org.apache.nifi/nifi@1.1.0
purl pkg:maven/org.apache.nifi/nifi@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hne-dn7f-4yfy
1
vulnerability VCID-2dsr-hras-zudk
2
vulnerability VCID-2ema-4jrp-3kfr
3
vulnerability VCID-3eka-p4cs-f3dz
4
vulnerability VCID-3rp1-pc25-euhm
5
vulnerability VCID-4fnm-bxv8-vqhz
6
vulnerability VCID-6mt2-4tn4-5bcb
7
vulnerability VCID-bppj-knks-jybe
8
vulnerability VCID-bpqd-tx8f-kycf
9
vulnerability VCID-gqjq-sbf1-x7ew
10
vulnerability VCID-hy35-v2p5-2ycq
11
vulnerability VCID-j263-1hyr-t7hn
12
vulnerability VCID-k1bm-1u7b-vybp
13
vulnerability VCID-r9su-47z6-x7cw
14
vulnerability VCID-rj21-6d19-gqbe
15
vulnerability VCID-rjau-hbsn-u3ah
16
vulnerability VCID-rn4r-36ab-sfey
17
vulnerability VCID-rv8f-q4a4-xqbk
18
vulnerability VCID-tnfn-2kzc-rugx
19
vulnerability VCID-w18h-3c8s-s3eq
20
vulnerability VCID-xv8d-3nef-dygg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.0
3
url pkg:maven/org.apache.nifi/nifi@1.1.1
purl pkg:maven/org.apache.nifi/nifi@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hne-dn7f-4yfy
1
vulnerability VCID-2dsr-hras-zudk
2
vulnerability VCID-2ema-4jrp-3kfr
3
vulnerability VCID-3eka-p4cs-f3dz
4
vulnerability VCID-3rp1-pc25-euhm
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-r9su-47z6-x7cw
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-tnfn-2kzc-rugx
18
vulnerability VCID-w18h-3c8s-s3eq
19
vulnerability VCID-xv8d-3nef-dygg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1
4
url pkg:maven/org.apache.nifi/nifi@1.1.2
purl pkg:maven/org.apache.nifi/nifi@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-gqjq-sbf1-x7ew
8
vulnerability VCID-hy35-v2p5-2ycq
9
vulnerability VCID-j263-1hyr-t7hn
10
vulnerability VCID-k1bm-1u7b-vybp
11
vulnerability VCID-r9su-47z6-x7cw
12
vulnerability VCID-rj21-6d19-gqbe
13
vulnerability VCID-rjau-hbsn-u3ah
14
vulnerability VCID-rn4r-36ab-sfey
15
vulnerability VCID-rv8f-q4a4-xqbk
16
vulnerability VCID-tnfn-2kzc-rugx
17
vulnerability VCID-w18h-3c8s-s3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2
5
url pkg:maven/org.apache.nifi/nifi@1.2.0
purl pkg:maven/org.apache.nifi/nifi@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-r9su-47z6-x7cw
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-tnfn-2kzc-rugx
18
vulnerability VCID-w18h-3c8s-s3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.2.0
6
url pkg:maven/org.apache.nifi/nifi@1.3.0
purl pkg:maven/org.apache.nifi/nifi@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-3rp1-pc25-euhm
4
vulnerability VCID-4v3d-ugqf-uyag
5
vulnerability VCID-6mt2-4tn4-5bcb
6
vulnerability VCID-bppj-knks-jybe
7
vulnerability VCID-bpqd-tx8f-kycf
8
vulnerability VCID-g74u-zmqj-gyb7
9
vulnerability VCID-gqjq-sbf1-x7ew
10
vulnerability VCID-hy35-v2p5-2ycq
11
vulnerability VCID-j263-1hyr-t7hn
12
vulnerability VCID-k1bm-1u7b-vybp
13
vulnerability VCID-rj21-6d19-gqbe
14
vulnerability VCID-rjau-hbsn-u3ah
15
vulnerability VCID-rn4r-36ab-sfey
16
vulnerability VCID-rv8f-q4a4-xqbk
17
vulnerability VCID-w18h-3c8s-s3eq
18
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0
7
url pkg:maven/org.apache.nifi/nifi@1.4.0
purl pkg:maven/org.apache.nifi/nifi@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-k1bm-1u7b-vybp
12
vulnerability VCID-rj21-6d19-gqbe
13
vulnerability VCID-rjau-hbsn-u3ah
14
vulnerability VCID-rn4r-36ab-sfey
15
vulnerability VCID-rv8f-q4a4-xqbk
16
vulnerability VCID-w18h-3c8s-s3eq
17
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0
8
url pkg:maven/org.apache.nifi/nifi@1.5.0
purl pkg:maven/org.apache.nifi/nifi@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-j263-1hyr-t7hn
11
vulnerability VCID-rj21-6d19-gqbe
12
vulnerability VCID-rn4r-36ab-sfey
13
vulnerability VCID-rv8f-q4a4-xqbk
14
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.5.0
9
url pkg:maven/org.apache.nifi/nifi@1.6.0
purl pkg:maven/org.apache.nifi/nifi@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dsr-hras-zudk
1
vulnerability VCID-2ema-4jrp-3kfr
2
vulnerability VCID-3eka-p4cs-f3dz
3
vulnerability VCID-4v3d-ugqf-uyag
4
vulnerability VCID-6mt2-4tn4-5bcb
5
vulnerability VCID-bppj-knks-jybe
6
vulnerability VCID-bpqd-tx8f-kycf
7
vulnerability VCID-g74u-zmqj-gyb7
8
vulnerability VCID-gqjq-sbf1-x7ew
9
vulnerability VCID-hy35-v2p5-2ycq
10
vulnerability VCID-rj21-6d19-gqbe
11
vulnerability VCID-rn4r-36ab-sfey
12
vulnerability VCID-rv8f-q4a4-xqbk
13
vulnerability VCID-yrgr-3cv3-b3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.6.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17192
reference_id
reference_type
scores
0
value 0.00798
scoring_system epss
scoring_elements 0.74063
published_at 2026-04-21T12:55:00Z
1
value 0.00798
scoring_system epss
scoring_elements 0.73974
published_at 2026-04-01T12:55:00Z
2
value 0.00798
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-02T12:55:00Z
3
value 0.00798
scoring_system epss
scoring_elements 0.74007
published_at 2026-04-04T12:55:00Z
4
value 0.00798
scoring_system epss
scoring_elements 0.73978
published_at 2026-04-07T12:55:00Z
5
value 0.00798
scoring_system epss
scoring_elements 0.74012
published_at 2026-04-08T12:55:00Z
6
value 0.00798
scoring_system epss
scoring_elements 0.74026
published_at 2026-04-09T12:55:00Z
7
value 0.00798
scoring_system epss
scoring_elements 0.74049
published_at 2026-04-11T12:55:00Z
8
value 0.00798
scoring_system epss
scoring_elements 0.7403
published_at 2026-04-12T12:55:00Z
9
value 0.00798
scoring_system epss
scoring_elements 0.74023
published_at 2026-04-13T12:55:00Z
10
value 0.00798
scoring_system epss
scoring_elements 0.74062
published_at 2026-04-16T12:55:00Z
11
value 0.00798
scoring_system epss
scoring_elements 0.74071
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17192
1
reference_url https://github.com/advisories/GHSA-2xpp-75vr-22vq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2xpp-75vr-22vq
2
reference_url https://github.com/apache/nifi/commit/dbf259508c2b8e176d8cb837177aaadbf44f0670
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/dbf259508c2b8e176d8cb837177aaadbf44f0670
3
reference_url https://issues.apache.org/jira/browse/NIFI-5258
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-5258
4
reference_url https://nifi.apache.org/security.html#CVE-2018-17192
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2018-17192
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17192
reference_id CVE-2018-17192
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17192
Weaknesses
0
cwe_id 1021
name Improper Restriction of Rendered UI Layers or Frames
description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-rj21-6d19-gqbe