Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi@1.3.0

Type maven

Namespace org.apache.nifi

Name nifi

Version 1.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.5.0

Latest_non_vulnerable_version 1.24.0

Affected_by_vulnerabilities

url VCID-e3tg-8rmu-9ucb

vulnerability_id VCID-e3tg-8rmu-9ucb

summary

Improper Restriction of XML External Entity Reference
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity.

references

reference_url	https://nifi.apache.org/security.html#CVE-2017-12623
reference_id
reference_type
scores
url	https://nifi.apache.org/security.html#CVE-2017-12623

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12623
reference_id	CVE-2017-12623
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12623

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.4.0

purl pkg:maven/org.apache.nifi/nifi@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ps4-jf7z-nqf1

vulnerability	VCID-cqqh-wp8z-jua2

vulnerability	VCID-jnfq-u9wb-k7dq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.4.0

aliases CVE-2017-12623

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3tg-8rmu-9ucb

Fixing_vulnerabilities

url VCID-5yn9-8juq-mkd9

vulnerability_id VCID-5yn9-8juq-mkd9

summary

Cross-site Scripting
There are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

references

reference_url	http://www.securityfocus.com/bid/99009
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99009

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7665
reference_id	CVE-2017-7665
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7665

fixed_packages

url	pkg:maven/org.apache.nifi/nifi@0.7.4
purl	pkg:maven/org.apache.nifi/nifi@0.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4

url pkg:maven/org.apache.nifi/nifi@1.3.0

purl pkg:maven/org.apache.nifi/nifi@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3tg-8rmu-9ucb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0

aliases CVE-2017-7665

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yn9-8juq-mkd9

url VCID-ty4z-t2su-muc6

vulnerability_id VCID-ty4z-t2su-muc6

summary

Origin Validation Error
Apache NiFi needs to establish the response header telling browsers to only allow framing with the same origin.

references

reference_url	http://www.securityfocus.com/bid/99018
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99018

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7667
reference_id	CVE-2017-7667
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7667

fixed_packages

url	pkg:maven/org.apache.nifi/nifi@0.7.4
purl	pkg:maven/org.apache.nifi/nifi@0.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.7.4

url pkg:maven/org.apache.nifi/nifi@1.3.0

purl pkg:maven/org.apache.nifi/nifi@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3tg-8rmu-9ucb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0

aliases CVE-2017-7667

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty4z-t2su-muc6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.3.0

Package Instance