Maven package
org.apache.nifi/nifi-dbcp-base
pkg:maven/org.apache.nifi/nifi-dbcp-base
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40037 | — | >= 1.21.0, < 1.23.1 | 1.23.1 | Aug 18, 2023 | Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL valid | ||
| CVE-2023-34468 | — | >= 0.0.2, < 1.22.0 | 1.22.0 | Jun 12, 2023 | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and r |
- CVE-2023-40037Aug 18, 2023affected >= 1.21.0, < 1.23.1fixed 1.23.1
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL valid
- CVE-2023-34468Jun 12, 2023affected >= 0.0.2, < 1.22.0fixed 1.22.0
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and r