Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi-dbcp-service-nar@0.5.1

Type maven

Namespace org.apache.nifi

Name nifi-dbcp-service-nar

Version 0.5.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.22.0

Latest_non_vulnerable_version 1.22.0

Affected_by_vulnerabilities

url VCID-avx3-b1dt-kkf9

vulnerability_id VCID-avx3-b1dt-kkf9

summary

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34468

reference_id

reference_type

scores

value	0.78065
scoring_system	epss
scoring_elements	0.99038
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34468

reference_url

https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468

reference_url

https://github.com/apache/nifi

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi

reference_url

https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361

reference_url

https://github.com/apache/nifi/pull/7349

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/nifi/pull/7349

reference_url

https://issues.apache.org/jira/browse/NIFI-11653

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/NIFI-11653

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34468

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34468

reference_url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_url

http://www.openwall.com/lists/oss-security/2023/06/12/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

http://www.openwall.com/lists/oss-security/2023/06/12/3

reference_url

https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8

reference_id

7b82l4f5blmpkfcynf3y6z4x1vqo59h8

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8

reference_url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/

reference_id

apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/

reference_url

http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html

reference_id

Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html

reference_url

https://github.com/advisories/GHSA-xm2m-2q6h-22jw

reference_id

GHSA-xm2m-2q6h-22jw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xm2m-2q6h-22jw

reference_url

https://nifi.apache.org/security.html#CVE-2023-34468

reference_id

security.html#CVE-2023-34468

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:21:50Z/

url

https://nifi.apache.org/security.html#CVE-2023-34468

fixed_packages

url	pkg:maven/org.apache.nifi/nifi-dbcp-service-nar@1.22.0
purl	pkg:maven/org.apache.nifi/nifi-dbcp-service-nar@1.22.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-nar@1.22.0

aliases CVE-2023-34468, GHSA-xm2m-2q6h-22jw

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avx3-b1dt-kkf9

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-nar@0.5.1

Package Instance