Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi@1.11.4
Typemaven
Namespaceorg.apache.nifi
Namenifi
Version1.11.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.24.0
Latest_non_vulnerable_version1.24.0
Affected_by_vulnerabilities
0
url VCID-4xmd-k2se-3ke6
vulnerability_id VCID-4xmd-k2se-3ke6
summary Missing Authentication for Critical Function in Apache NiFi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9487
reference_id
reference_type
scores
0
value 0.00633
scoring_system epss
scoring_elements 0.70938
published_at 2026-06-12T12:55:00Z
1
value 0.00633
scoring_system epss
scoring_elements 0.70847
published_at 2026-06-11T12:55:00Z
2
value 0.00633
scoring_system epss
scoring_elements 0.70948
published_at 2026-06-14T12:55:00Z
3
value 0.00633
scoring_system epss
scoring_elements 0.7095
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9487
1
reference_url https://github.com/apache/nifi/commit/01e42dfb3291c3a3549023edadafd2d8023f3042
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/01e42dfb3291c3a3549023edadafd2d8023f3042
2
reference_url https://github.com/apache/nifi/pull/4271
reference_id
reference_type
scores
url https://github.com/apache/nifi/pull/4271
3
reference_url https://nifi.apache.org/security#CVE-2020-9487
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security#CVE-2020-9487
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9487
reference_id CVE-2020-9487
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9487
5
reference_url https://github.com/advisories/GHSA-3pp3-77j6-8ph6
reference_id GHSA-3pp3-77j6-8ph6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3pp3-77j6-8ph6
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
purl pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
aliases CVE-2020-9487, GHSA-3pp3-77j6-8ph6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xmd-k2se-3ke6
1
url VCID-7ha3-fxfp-c7h5
vulnerability_id VCID-7ha3-fxfp-c7h5
summary Code injection in Apache NiFi and NiFi Registry
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
reference_id
reference_type
scores
0
value 0.03884
scoring_system epss
scoring_elements 0.88556
published_at 2026-06-12T12:55:00Z
1
value 0.03884
scoring_system epss
scoring_elements 0.88517
published_at 2026-06-11T12:55:00Z
2
value 0.03884
scoring_system epss
scoring_elements 0.88562
published_at 2026-06-14T12:55:00Z
3
value 0.03884
scoring_system epss
scoring_elements 0.88563
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33140
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr
3
reference_url https://nifi.apache.org/security.html#CVE-2022-33140
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-33140
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
reference_id CVE-2022-33140
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33140
5
reference_url https://github.com/advisories/GHSA-77hf-23pq-2g7c
reference_id GHSA-77hf-23pq-2g7c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77hf-23pq-2g7c
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.3
purl pkg:maven/org.apache.nifi/nifi@1.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-avx3-b1dt-kkf9
1
vulnerability VCID-eteg-y529-n3a9
2
vulnerability VCID-habt-39ed-t3cg
3
vulnerability VCID-ncm3-587h-kuey
4
vulnerability VCID-tghs-efwb-4bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.3
aliases CVE-2022-33140, GHSA-77hf-23pq-2g7c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ha3-fxfp-c7h5
2
url VCID-93tf-j229-efbs
vulnerability_id VCID-93tf-j229-efbs
summary Improper Restriction of XML External Entity Reference in Apache NiFi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13940
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76978
published_at 2026-06-12T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76905
published_at 2026-06-11T12:55:00Z
2
value 0.0096
scoring_system epss
scoring_elements 0.76985
published_at 2026-06-14T12:55:00Z
3
value 0.0096
scoring_system epss
scoring_elements 0.76992
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13940
1
reference_url https://github.com/apache/nifi/commit/7f0416ee8bdcee95e28409cc6fae9c1394c2a798
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/7f0416ee8bdcee95e28409cc6fae9c1394c2a798
2
reference_url https://nifi.apache.org/security#CVE-2020-13940
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security#CVE-2020-13940
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13940
reference_id CVE-2020-13940
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13940
4
reference_url https://github.com/advisories/GHSA-q4xf-3pmq-3hw8
reference_id GHSA-q4xf-3pmq-3hw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4xf-3pmq-3hw8
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
purl pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
1
url pkg:maven/org.apache.nifi/nifi@1.12.0
purl pkg:maven/org.apache.nifi/nifi@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ha3-fxfp-c7h5
1
vulnerability VCID-avx3-b1dt-kkf9
2
vulnerability VCID-eteg-y529-n3a9
3
vulnerability VCID-habt-39ed-t3cg
4
vulnerability VCID-ncm3-587h-kuey
5
vulnerability VCID-tghs-efwb-4bhx
6
vulnerability VCID-v42h-2qqy-nye9
7
vulnerability VCID-ydat-dxue-8kc4
8
vulnerability VCID-z2bz-49gp-uyft
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.12.0
aliases CVE-2020-13940, GHSA-q4xf-3pmq-3hw8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93tf-j229-efbs
3
url VCID-a7ea-gvyk-mkhm
vulnerability_id VCID-a7ea-gvyk-mkhm
summary Inadequate Encryption Strength in Apache NiFi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9491
reference_id
reference_type
scores
0
value 0.0132
scoring_system epss
scoring_elements 0.80355
published_at 2026-06-12T12:55:00Z
1
value 0.0132
scoring_system epss
scoring_elements 0.80294
published_at 2026-06-11T12:55:00Z
2
value 0.0132
scoring_system epss
scoring_elements 0.80363
published_at 2026-06-14T12:55:00Z
3
value 0.0132
scoring_system epss
scoring_elements 0.80371
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9491
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/441781cec50f77d9f1e65093f55bbd614b8c5ec6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/441781cec50f77d9f1e65093f55bbd614b8c5ec6
3
reference_url https://lists.apache.org/thread.html/r2d9c21f9ec35d66f2bb42f8abe876dabd786166b6284e9a33582c718@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2d9c21f9ec35d66f2bb42f8abe876dabd786166b6284e9a33582c718@%3Ccommits.nifi.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/re48582efe2ac973f8cff55c8b346825cb491c71935e15ab2d61ef3bf@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re48582efe2ac973f8cff55c8b346825cb491c71935e15ab2d61ef3bf@%3Ccommits.nifi.apache.org%3E
5
reference_url https://nifi.apache.org/security#CVE-2020-9491
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security#CVE-2020-9491
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9491
reference_id CVE-2020-9491
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9491
7
reference_url https://github.com/advisories/GHSA-rfmp-jvr7-hx78
reference_id GHSA-rfmp-jvr7-hx78
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfmp-jvr7-hx78
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
purl pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.12.0-RC1
1
url pkg:maven/org.apache.nifi/nifi@1.12.0
purl pkg:maven/org.apache.nifi/nifi@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ha3-fxfp-c7h5
1
vulnerability VCID-avx3-b1dt-kkf9
2
vulnerability VCID-eteg-y529-n3a9
3
vulnerability VCID-habt-39ed-t3cg
4
vulnerability VCID-ncm3-587h-kuey
5
vulnerability VCID-tghs-efwb-4bhx
6
vulnerability VCID-v42h-2qqy-nye9
7
vulnerability VCID-ydat-dxue-8kc4
8
vulnerability VCID-z2bz-49gp-uyft
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.12.0
aliases CVE-2020-9491, GHSA-rfmp-jvr7-hx78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ea-gvyk-mkhm
4
url VCID-avx3-b1dt-kkf9
vulnerability_id VCID-avx3-b1dt-kkf9
summary 
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
reference_id
reference_type
scores
0
value 0.77647
scoring_system epss
scoring_elements 0.99017
published_at 2026-06-13T12:55:00Z
1
value 0.77647
scoring_system epss
scoring_elements 0.99018
published_at 2026-06-14T12:55:00Z
2
value 0.78065
scoring_system epss
scoring_elements 0.99038
published_at 2026-06-11T12:55:00Z
3
value 0.78065
scoring_system epss
scoring_elements 0.99042
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34468
1
reference_url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
2
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
3
reference_url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
4
reference_url https://github.com/apache/nifi/pull/7349
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7349
5
reference_url https://issues.apache.org/jira/browse/NIFI-11653
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11653
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34468
7
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
8
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/3
reference_id 3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/3
9
reference_url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
reference_id 7b82l4f5blmpkfcynf3y6z4x1vqo59h8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
10
reference_url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
reference_id apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
11
reference_url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
reference_id Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
12
reference_url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
reference_id GHSA-xm2m-2q6h-22jw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xm2m-2q6h-22jw
13
reference_url https://nifi.apache.org/security.html#CVE-2023-34468
reference_id security.html#CVE-2023-34468
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/
url https://nifi.apache.org/security.html#CVE-2023-34468
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eteg-y529-n3a9
1
vulnerability VCID-tghs-efwb-4bhx
2
vulnerability VCID-w6eb-33t5-4uen
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
aliases CVE-2023-34468, GHSA-xm2m-2q6h-22jw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avx3-b1dt-kkf9
5
url VCID-eteg-y529-n3a9
vulnerability_id VCID-eteg-y529-n3a9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52985
published_at 2026-06-11T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.53113
published_at 2026-06-12T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.53128
published_at 2026-06-13T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.53112
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49145
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/50efc55df6bb00ea15adcc2459d5cc82d128857f
3
reference_url https://github.com/apache/nifi/pull/8060
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/8060
4
reference_url https://issues.apache.org/jira/browse/NIFI-12403
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-12403
5
reference_url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
6
reference_url https://nifi.apache.org/security.html#CVE-2023-49145
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2023-49145
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49145
8
reference_url http://www.openwall.com/lists/oss-security/2023/11/27/5
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/27/5
9
reference_url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
reference_id GHSA-68pr-6fjc-wmgm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68pr-6fjc-wmgm
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.24.0
purl pkg:maven/org.apache.nifi/nifi@1.24.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.24.0
aliases CVE-2023-49145, GHSA-68pr-6fjc-wmgm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eteg-y529-n3a9
6
url VCID-habt-39ed-t3cg
vulnerability_id VCID-habt-39ed-t3cg
summary 
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references.

Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references.

The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22832
reference_id
reference_type
scores
0
value 0.02041
scoring_system epss
scoring_elements 0.84263
published_at 2026-06-12T12:55:00Z
1
value 0.02041
scoring_system epss
scoring_elements 0.84266
published_at 2026-06-14T12:55:00Z
2
value 0.02041
scoring_system epss
scoring_elements 0.84272
published_at 2026-06-13T12:55:00Z
3
value 0.02041
scoring_system epss
scoring_elements 0.84208
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22832
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22832
4
reference_url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
reference_id b51qs6y7b7r58vovddkv6wc16g2xbl3w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/
url https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
5
reference_url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
reference_id GHSA-hxjp-q6c3-38fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxjp-q6c3-38fx
6
reference_url https://nifi.apache.org/security.html#CVE-2023-22832
reference_id security.html#CVE-2023-22832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/
url https://nifi.apache.org/security.html#CVE-2023-22832
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.20.0
purl pkg:maven/org.apache.nifi/nifi@1.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-avx3-b1dt-kkf9
1
vulnerability VCID-eteg-y529-n3a9
2
vulnerability VCID-ncm3-587h-kuey
3
vulnerability VCID-tghs-efwb-4bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.20.0
aliases CVE-2023-22832, GHSA-hxjp-q6c3-38fx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-habt-39ed-t3cg
7
url VCID-ncm3-587h-kuey
vulnerability_id VCID-ncm3-587h-kuey
summary 
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.

The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
reference_id
reference_type
scores
0
value 0.00779
scoring_system epss
scoring_elements 0.74117
published_at 2026-06-11T12:55:00Z
1
value 0.00779
scoring_system epss
scoring_elements 0.74202
published_at 2026-06-14T12:55:00Z
2
value 0.00779
scoring_system epss
scoring_elements 0.74204
published_at 2026-06-13T12:55:00Z
3
value 0.00779
scoring_system epss
scoring_elements 0.7419
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
3
reference_url https://github.com/apache/nifi/pull/7313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7313
4
reference_url https://issues.apache.org/jira/browse/NIFI-11614
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11614
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
6
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/2
reference_id 2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/2
7
reference_url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
reference_id GHSA-65wh-g8x8-gm2h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
8
reference_url https://nifi.apache.org/security.html#CVE-2023-34212
reference_id security.html#CVE-2023-34212
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://nifi.apache.org/security.html#CVE-2023-34212
9
reference_url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_id w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.22.0
purl pkg:maven/org.apache.nifi/nifi@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eteg-y529-n3a9
1
vulnerability VCID-tghs-efwb-4bhx
2
vulnerability VCID-w6eb-33t5-4uen
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.22.0
aliases CVE-2023-34212, GHSA-65wh-g8x8-gm2h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncm3-587h-kuey
8
url VCID-tghs-efwb-4bhx
vulnerability_id VCID-tghs-efwb-4bhx
summary Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
reference_id
reference_type
scores
0
value 0.01177
scoring_system epss
scoring_elements 0.79137
published_at 2026-06-11T12:55:00Z
1
value 0.01177
scoring_system epss
scoring_elements 0.79212
published_at 2026-06-14T12:55:00Z
2
value 0.01177
scoring_system epss
scoring_elements 0.79216
published_at 2026-06-13T12:55:00Z
3
value 0.01177
scoring_system epss
scoring_elements 0.79202
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36542
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/532578799c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/532578799c
3
reference_url https://issues.apache.org/jira/browse/NIFI-11744
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11744
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36542
5
reference_url http://www.openwall.com/lists/oss-security/2023/07/29/1
reference_id 1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://www.openwall.com/lists/oss-security/2023/07/29/1
6
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id 43
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url http://seclists.org/fulldisclosure/2023/Jul/43
7
reference_url https://github.com/advisories/GHSA-r969-8v3h-23v9
reference_id GHSA-r969-8v3h-23v9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r969-8v3h-23v9
8
reference_url https://nifi.apache.org/security.html#CVE-2023-36542
reference_id security.html#CVE-2023-36542
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://nifi.apache.org/security.html#CVE-2023-36542
9
reference_url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
reference_id swnly3dzhhq9zo3rofc8djq77stkhbof
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:50:05Z/
url https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.23.0
purl pkg:maven/org.apache.nifi/nifi@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eteg-y529-n3a9
1
vulnerability VCID-w6eb-33t5-4uen
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.23.0
aliases CVE-2023-36542, GHSA-r969-8v3h-23v9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tghs-efwb-4bhx
9
url VCID-v42h-2qqy-nye9
vulnerability_id VCID-v42h-2qqy-nye9
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20190
reference_id
reference_type
scores
0
value 0.00502
scoring_system epss
scoring_elements 0.66607
published_at 2026-06-14T12:55:00Z
1
value 0.00502
scoring_system epss
scoring_elements 0.66609
published_at 2026-06-13T12:55:00Z
2
value 0.00502
scoring_system epss
scoring_elements 0.66594
published_at 2026-06-12T12:55:00Z
3
value 0.00502
scoring_system epss
scoring_elements 0.66501
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20190
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
6
reference_url https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
7
reference_url https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20190
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20190
9
reference_url https://security.netapp.com/advisory/ntap-20210219-0008
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210219-0008
10
reference_url https://github.com/FasterXML/jackson-databind/issues/2854
reference_id 2854
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://github.com/FasterXML/jackson-databind/issues/2854
11
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id cpujul2021.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
12
reference_url https://github.com/advisories/GHSA-5949-rw7g-wx7w
reference_id GHSA-5949-rw7g-wx7w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5949-rw7g-wx7w
13
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
14
reference_url https://security.netapp.com/advisory/ntap-20210219-0008/
reference_id ntap-20210219-0008
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://security.netapp.com/advisory/ntap-20210219-0008/
15
reference_url https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E
reference_id r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E
16
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
17
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916633
reference_id show_bug.cgi?id=1916633
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1916633
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.13.0
purl pkg:maven/org.apache.nifi/nifi@1.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-56aa-nb8x-7kb3
1
vulnerability VCID-7ha3-fxfp-c7h5
2
vulnerability VCID-avx3-b1dt-kkf9
3
vulnerability VCID-eteg-y529-n3a9
4
vulnerability VCID-habt-39ed-t3cg
5
vulnerability VCID-ncm3-587h-kuey
6
vulnerability VCID-tghs-efwb-4bhx
7
vulnerability VCID-ydat-dxue-8kc4
8
vulnerability VCID-z2bz-49gp-uyft
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.13.0
aliases CVE-2021-20190, GHSA-5949-rw7g-wx7w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v42h-2qqy-nye9
10
url VCID-ydat-dxue-8kc4
vulnerability_id VCID-ydat-dxue-8kc4
summary Multiple components in Apache NiFi do not restrict XML External Entity references
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
reference_id
reference_type
scores
0
value 0.0212
scoring_system epss
scoring_elements 0.84554
published_at 2026-06-12T12:55:00Z
1
value 0.0212
scoring_system epss
scoring_elements 0.84499
published_at 2026-06-11T12:55:00Z
2
value 0.0212
scoring_system epss
scoring_elements 0.84556
published_at 2026-06-14T12:55:00Z
3
value 0.0212
scoring_system epss
scoring_elements 0.84563
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29265
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/47od9kr9n4cyv0mv81jh3pkyx815kyjl
3
reference_url https://nifi.apache.org/security.html#CVE-2022-29265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-29265
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
reference_id CVE-2022-29265
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29265
5
reference_url https://github.com/advisories/GHSA-wc97-7623-rxwx
reference_id GHSA-wc97-7623-rxwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc97-7623-rxwx
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.1
purl pkg:maven/org.apache.nifi/nifi@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ha3-fxfp-c7h5
1
vulnerability VCID-avx3-b1dt-kkf9
2
vulnerability VCID-eteg-y529-n3a9
3
vulnerability VCID-habt-39ed-t3cg
4
vulnerability VCID-ncm3-587h-kuey
5
vulnerability VCID-tghs-efwb-4bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.1
aliases CVE-2022-29265, GHSA-wc97-7623-rxwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydat-dxue-8kc4
11
url VCID-z2bz-49gp-uyft
vulnerability_id VCID-z2bz-49gp-uyft
summary Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.55138
published_at 2026-06-12T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.55016
published_at 2026-06-11T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.55141
published_at 2026-06-14T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.55154
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44145
1
reference_url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#1.15.1-vulnerabilities
2
reference_url http://www.openwall.com/lists/oss-security/2021/12/17/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/12/17/1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
reference_id CVE-2021-44145
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44145
4
reference_url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
reference_id GHSA-rq96-qhc5-vm4r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rq96-qhc5-vm4r
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.15.1
purl pkg:maven/org.apache.nifi/nifi@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ha3-fxfp-c7h5
1
vulnerability VCID-avx3-b1dt-kkf9
2
vulnerability VCID-eteg-y529-n3a9
3
vulnerability VCID-habt-39ed-t3cg
4
vulnerability VCID-hmkv-9nnk-tffa
5
vulnerability VCID-ncm3-587h-kuey
6
vulnerability VCID-tghs-efwb-4bhx
7
vulnerability VCID-ydat-dxue-8kc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1
aliases CVE-2021-44145, GHSA-rq96-qhc5-vm4r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bz-49gp-uyft
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.11.4