Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi@0.1.0

Type maven

Namespace org.apache.nifi

Name nifi

Version 0.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.24.0

Latest_non_vulnerable_version 1.24.0

Affected_by_vulnerabilities

url VCID-n9ad-a71z-vfeh

vulnerability_id VCID-n9ad-a71z-vfeh

summary

Exposure of Sensitive Information to an Unauthorized Actor
In the TransformXML processor of Apache NiFi an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44145

reference_id

reference_type

scores

value	0.00315
scoring_system	epss
scoring_elements	0.54884
published_at	2026-06-04T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54951
published_at	2026-06-06T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54942
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44145

reference_url

https://nifi.apache.org/security.html#1.15.1-vulnerabilities

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nifi.apache.org/security.html#1.15.1-vulnerabilities

reference_url

http://www.openwall.com/lists/oss-security/2021/12/17/1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/17/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-44145

reference_id

CVE-2021-44145

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44145

reference_url

https://github.com/advisories/GHSA-rq96-qhc5-vm4r

reference_id

GHSA-rq96-qhc5-vm4r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rq96-qhc5-vm4r

fixed_packages

url pkg:maven/org.apache.nifi/nifi@1.15.1

purl pkg:maven/org.apache.nifi/nifi@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8vy1-a5st-abfb

vulnerability	VCID-grt2-a9zv-gkck

vulnerability	VCID-jmcf-m398-pqec

vulnerability	VCID-jwv9-rx8x-jkf3

vulnerability	VCID-mm3u-4acx-e3hj

vulnerability	VCID-qkvt-fdp4-uyd6

vulnerability	VCID-u3p9-su6e-efbw

vulnerability	VCID-uwnc-5qk4-eqgw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1

aliases CVE-2021-44145, GHSA-rq96-qhc5-vm4r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ad-a71z-vfeh

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@0.1.0

Package Instance