{"url":"http://public2.vulnerablecode.io/api/packages/53682?format=json","purl":"pkg:maven/org.apache.nifi/nifi@0.7.3","type":"maven","namespace":"org.apache.nifi","name":"nifi","version":"0.7.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.7.4","latest_non_vulnerable_version":"1.24.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38647?format=json","vulnerability_id":"VCID-5yn9-8juq-mkd9","summary":"Cross-site Scripting\nThere are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.","references":[{"reference_url":"http://www.securityfocus.com/bid/99009","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7665","reference_id":"CVE-2017-7665","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7665"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53688?format=json","purl":"pkg:maven/org.apache.nifi/nifi@0.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53689?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e3tg-8rmu-9ucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0"}],"aliases":["CVE-2017-7665"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yn9-8juq-mkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38649?format=json","vulnerability_id":"VCID-ty4z-t2su-muc6","summary":"Origin Validation Error\nApache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.","references":[{"reference_url":"http://www.securityfocus.com/bid/99018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99018"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7667","reference_id":"CVE-2017-7667","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7667"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53688?format=json","purl":"pkg:maven/org.apache.nifi/nifi@0.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53689?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e3tg-8rmu-9ucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0"}],"aliases":["CVE-2017-7667"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty4z-t2su-muc6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.3"}