Maven package
org.apache.nifi/nifi-dbcp-service-bundle
pkg:maven/org.apache.nifi/nifi-dbcp-service-bundle
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40037 | — | >= 1.21.0, < 1.23.1 | 1.23.1 | Aug 18, 2023 | Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL valid |
- CVE-2023-40037Aug 18, 2023affected >= 1.21.0, < 1.23.1fixed 1.23.1
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL valid