Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
Typemaven
Namespaceorg.apache.nifi
Namenifi-dbcp-service-bundle
Version1.23.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-juu3-g6fp-1qhn
vulnerability_id VCID-juu3-g6fp-1qhn
summary 
Incorrect Comparison
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.
references
0
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
url https://github.com/apache/nifi
1
reference_url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
reference_id
reference_type
scores
url https://github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
2
reference_url https://github.com/apache/nifi/pull/7586
reference_id
reference_type
scores
url https://github.com/apache/nifi/pull/7586
3
reference_url https://issues.apache.org/jira/browse/NIFI-11920
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/NIFI-11920
4
reference_url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
reference_id
reference_type
scores
url https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
5
reference_url https://nifi.apache.org/security.html#CVE-2023-40037
reference_id
reference_type
scores
url https://nifi.apache.org/security.html#CVE-2023-40037
6
reference_url http://www.openwall.com/lists/oss-security/2023/08/18/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/08/18/2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
reference_id CVE-2023-40037
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-40037
8
reference_url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
reference_id GHSA-23qf-3jf9-h3q9
reference_type
scores
url https://github.com/advisories/GHSA-23qf-3jf9-h3q9
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
purl pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1
aliases CVE-2023-40037, GHSA-23qf-3jf9-h3q9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-juu3-g6fp-1qhn
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle@1.23.1