Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.nifi/nifi-mongodb-services@1.19.1
Typemaven
Namespaceorg.apache.nifi
Namenifi-mongodb-services
Version1.19.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.0
Latest_non_vulnerable_version2.3.0
Affected_by_vulnerabilities
0
url VCID-emwz-zcbn-qbhv
vulnerability_id VCID-emwz-zcbn-qbhv
summary Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27017
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27339
published_at 2026-06-13T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27321
published_at 2026-06-14T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27115
published_at 2026-06-11T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27319
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27017
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/48d684500f6ad70f65bfd510db054590c5bc74a9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/48d684500f6ad70f65bfd510db054590c5bc74a9
3
reference_url https://issues.apache.org/jira/browse/NIFI-14272
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-14272
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27017
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27017
5
reference_url http://www.openwall.com/lists/oss-security/2025/03/11/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/11/1
6
reference_url https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q
reference_id d4n5474jkhp82dvnht13pjtlfx7bhn5q
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:55:54Z/
url https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q
7
reference_url https://github.com/advisories/GHSA-35gq-cvrm-xf94
reference_id GHSA-35gq-cvrm-xf94
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35gq-cvrm-xf94
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-mongodb-services@2.3.0
purl pkg:maven/org.apache.nifi/nifi-mongodb-services@2.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-mongodb-services@2.3.0
aliases CVE-2025-27017, GHSA-35gq-cvrm-xf94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emwz-zcbn-qbhv
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-mongodb-services@1.19.1