Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gg7c-f154-5bge

Summary Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Aliases

alias	CVE-2018-1309

alias	GHSA-42wx-65g4-5cxv

Fixed_packages

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.6.0

Affected_packages

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.1-incubating

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.1-incubating

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.1-incubating

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.2-incubating

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.2-incubating

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.0.2-incubating

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0-incubating

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0-incubating

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.1.0-incubating

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.0-incubating

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.0-incubating

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.0-incubating

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.2.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.3.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.3.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.4.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.5.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.6.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.2

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.2

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.3

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.3

url pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.4

purl pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@0.7.4

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0-BETA

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0-BETA

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0-BETA

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.0.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.1

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.1

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.2

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.1.2

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.2.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.2.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.3.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.3.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.4.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.4.0

url pkg:maven/org.apache.nifi/nifi-standard-processors@1.5.0

purl pkg:maven/org.apache.nifi/nifi-standard-processors@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg7c-f154-5bge

vulnerability	VCID-rv8f-q4a4-xqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-standard-processors@1.5.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1309

reference_id

reference_type

scores

value	0.03674
scoring_system	epss
scoring_elements	0.87913
published_at	2026-04-13T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87925
published_at	2026-04-21T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87854
published_at	2026-04-01T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87926
published_at	2026-04-18T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87864
published_at	2026-04-02T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87877
published_at	2026-04-04T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87881
published_at	2026-04-07T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87903
published_at	2026-04-08T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87909
published_at	2026-04-09T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.8792
published_at	2026-04-11T12:55:00Z

value	0.03674
scoring_system	epss
scoring_elements	0.87927
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1309

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/28067a29fd13cdf8e21b440fc65c6dd67872522f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/28067a29fd13cdf8e21b440fc65c6dd67872522f

reference_url

https://issues.apache.org/jira/browse/NIFI-4869

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-4869

reference_url

https://nifi.apache.org/security.html#CVE-2018-1309

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#CVE-2018-1309

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::
reference_id	cpe:2.3:a:apache:nifi::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1309

reference_id

CVE-2018-1309

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1309

reference_url

https://github.com/advisories/GHSA-42wx-65g4-5cxv

reference_id

GHSA-42wx-65g4-5cxv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-42wx-65g4-5cxv

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.5 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg7c-f154-5bge

Vulnerability Instance