Vulnerability	Vulnerable Version
H Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of URLs against maliciously crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. How to fix Improper Input Validation? Upgrade `org.apache.nifi:nifi-dbcp-base` to version 1.23.1 or higher.	[1.21.0,1.23.1)
H Arbitrary Code Execution Affected versions of this package are vulnerable to Arbitrary Code Execution in the `DBCPConnectionPool` and `HikariCPConnectionPool` controller services. An authenticated and authorized user can inject code by configuring a JDBC URL with the H2 driver that enables custom code execution. How to fix Arbitrary Code Execution? Upgrade `org.apache.nifi:nifi-dbcp-base` to version 1.22.0 or higher.	[,1.22.0)

Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of URLs against maliciously crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting.

How to fix Improper Input Validation?

Upgrade org.apache.nifi:nifi-dbcp-base to version 1.23.1 or higher.

[1.21.0,1.23.1)

Arbitrary Code Execution

Affected versions of this package are vulnerable to Arbitrary Code Execution in the DBCPConnectionPool and HikariCPConnectionPool controller services. An authenticated and authorized user can inject code by configuring a JDBC URL with the H2 driver that enables custom code execution.

How to fix Arbitrary Code Execution?

Upgrade org.apache.nifi:nifi-dbcp-base to version 1.22.0 or higher.

[,1.22.0)

Go back to all versions of this package