{"url":"http://public2.vulnerablecode.io/api/packages/54459?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.1.1","type":"maven","namespace":"org.apache.nifi","name":"nifi","version":"1.1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.0","latest_non_vulnerable_version":"1.24.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39047?format=json","vulnerability_id":"VCID-m99c-5n4v-w7ec","summary":"Injection Vulnerability\nThe proxy chain `serialization/deserialization` is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.","references":[{"reference_url":"https://nifi.apache.org/security.html#CVE-2017-5636","reference_id":"","reference_type":"","scores":[],"url":"https://nifi.apache.org/security.html#CVE-2017-5636"},{"reference_url":"http://www.securityfocus.com/bid/96731","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96731"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5636","reference_id":"CVE-2017-5636","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53686?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yn9-8juq-mkd9"},{"vulnerability":"VCID-e3tg-8rmu-9ucb"},{"vulnerability":"VCID-ty4z-t2su-muc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2"}],"aliases":["CVE-2017-5636"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m99c-5n4v-w7ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39048?format=json","vulnerability_id":"VCID-r6wb-vjgp-tubn","summary":"Improper Authentication\nIf an anonymous user request is replicated to another node, the originating node identity is used rather than the \"anonymous\" user.","references":[{"reference_url":"https://nifi.apache.org/security.html#CVE-2017-5635","reference_id":"","reference_type":"","scores":[],"url":"https://nifi.apache.org/security.html#CVE-2017-5635"},{"reference_url":"http://www.securityfocus.com/bid/96730","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96730"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5635","reference_id":"CVE-2017-5635","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5635"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53686?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yn9-8juq-mkd9"},{"vulnerability":"VCID-e3tg-8rmu-9ucb"},{"vulnerability":"VCID-ty4z-t2su-muc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.2"}],"aliases":["CVE-2017-5635"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6wb-vjgp-tubn"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39049?format=json","vulnerability_id":"VCID-8ybn-5kck-d7fz","summary":"Cross-site Scripting\nIn Apache NiFi, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.","references":[{"reference_url":"https://nifi.apache.org/security.html#CVE-2016-8748","reference_id":"","reference_type":"","scores":[],"url":"https://nifi.apache.org/security.html#CVE-2016-8748"},{"reference_url":"http://www.securityfocus.com/bid/95621","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95621"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8748","reference_id":"CVE-2016-8748","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54459?format=json","purl":"pkg:maven/org.apache.nifi/nifi@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m99c-5n4v-w7ec"},{"vulnerability":"VCID-r6wb-vjgp-tubn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1"}],"aliases":["CVE-2016-8748"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.1.1"}