VYPR

Maven package

org.apache.nifi/nifi-dbcp-base

pkg:maven/org.apache.nifi/nifi-dbcp-base

Vulnerabilities (2)

  • CVE-2023-40037Aug 18, 2023
    affected >= 1.21.0, < 1.23.1fixed 1.23.1

    Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL valid

  • CVE-2023-34468Jun 12, 2023
    affected >= 0.0.2, < 1.22.0fixed 1.22.0

    The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and r