Vulnerabilities related to apache - nifi_registry
cve-2020-9482
Vulnerability from cvelistv5
Published
2020-04-28 18:12
Modified
2024-08-04 10:26
Summary
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
References
| URL | Tags |
|---|---|
| https://nifi.apache.org/registry-security.html#CVE-2020-9482 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache | Apache NiFi Registry | 0.1.0 to 0.5.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:26:16.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache NiFi Registry", "vendor": "Apache", "versions": [ { "status": "affected", "version": "0.1.0 to 0.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry." } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-28T18:12:58", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-9482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NiFi Registry", "version": { "version_data": [ { "version_value": "0.1.0 to 0.5.0" } ] } } ] }, "vendor_name": "Apache" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. 
This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://nifi.apache.org/registry-security.html#CVE-2020-9482", "refsource": "CONFIRM", "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-9482", "datePublished": "2020-04-28T18:12:58", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:26:16.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33140
Vulnerability from cvelistv5
Published
2022-06-15 14:25
Modified
2024-08-03 08:01
Summary
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
References
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr | x_refsource_MISC |
| https://nifi.apache.org/security.html#CVE-2022-33140 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache NiFi | 1.10.0 to 1.16.2 |
| Apache Software Foundation | Apache NiFi Registry | 0.6.0 to 1.16.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:19.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nifi.apache.org/security.html#CVE-2022-33140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache NiFi", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.16.2", "status": "affected", "version": "up to 1.16.2", "versionType": "custom" }, { "lessThan": "1.10.0*", "status": "affected", "version": "1.10.0", "versionType": "custom" } ] }, { "product": "Apache NiFi Registry", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.16.2", "status": "affected", "version": "up to 1.16.2", "versionType": "custom" }, { "lessThan": "0.6.0*", "status": "affected", "version": "0.6.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments." 
} ], "metrics": [ { "other": { "content": { "other": "high" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-15T14:25:15", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://nifi.apache.org/security.html#CVE-2022-33140" } ], "source": { "defect": [ "NIFI-10114" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-06-11T00:00:00", "value": "reported" } ], "title": "Improper Neutralization of Command Elements in Shell User Group Provider", "workarounds": [ { "lang": "en", "value": "Disabling the ShellUserGroupProvider mitigates the vulnerability." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-33140", "STATE": "PUBLIC", "TITLE": "Improper Neutralization of Command Elements in Shell User Group Provider" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache NiFi", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "up to 1.16.2", "version_value": "1.16.2" }, { "version_affected": "\u003e=", "version_name": "1.10.0", "version_value": "1.10.0" } ] } }, { "product_name": "Apache NiFi Registry", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "up to 1.16.2", "version_value": "1.16.2" }, { "version_affected": "\u003e=", "version_name": "0.6.0", "version_value": "0.6.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "high" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr", "refsource": "MISC", "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr" }, { "name": "https://nifi.apache.org/security.html#CVE-2022-33140", "refsource": "MISC", "url": "https://nifi.apache.org/security.html#CVE-2022-33140" } ] }, "source": { "defect": [ "NIFI-10114" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-06-11T00:00:00", "value": "reported" } ], "work_around": [ { "lang": "en", "value": "Disabling the ShellUserGroupProvider mitigates the vulnerability." } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-33140", "datePublished": "2022-06-15T14:25:15", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-08-03T08:01:19.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2020-04-28 19:15
Modified
2024-11-21 05:40
Summary
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
References
| Source | URL | Tags |
|---|---|---|
| security@apache.org | https://nifi.apache.org/registry-security.html#CVE-2020-9482 | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://nifi.apache.org/registry-security.html#CVE-2020-9482 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| apache | nifi_registry | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:nifi_registry:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8ED43B2-B4F2-4C8C-A90A-AABEB0C1A108", "versionEndIncluding": "0.5.0", "versionStartIncluding": "0.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry." }, { "lang": "es", "value": "Si NiFi Registry versiones 0.1.0 hasta 0.5.0 usa un mecanismo de autenticaci\u00f3n distinto de PKI, cuando el usuario hace clic en Log Out, NiFi Registry invalida el token de autenticaci\u00f3n en el lado del cliente pero no en el lado del servidor. Esto permite que el token del lado del cliente del usuario sea usado hasta 12 horas despu\u00e9s de cerrar sesi\u00f3n para llevar a cabo peticiones de la API al NiFi Registry." 
} ], "id": "CVE-2020-9482", "lastModified": "2024-11-21T05:40:44.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-28T19:15:12.470", "references": [ { "source": "security@apache.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-15 15:15
Modified
2024-11-21 07:07
Summary
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
References
| Source | URL | Tags |
|---|---|---|
| security@apache.org | https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr | Mailing List, Vendor Advisory |
| security@apache.org | https://nifi.apache.org/security.html#CVE-2022-33140 | Issue Tracking, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr | Mailing List, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://nifi.apache.org/security.html#CVE-2022-33140 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| apache | nifi | * |
| apache | nifi_registry | * |
| apple | macos | - |
| linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF32EE88-DDE8-42A0-B231-59A08501A123", "versionEndIncluding": "1.16.2", "versionStartIncluding": "1.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:nifi_registry:*:*:*:*:*:*:*:*", "matchCriteriaId": "72FE2DCA-C5F8-49F7-8C1E-B3F033CA3056", "versionEndIncluding": "1.16.2", "versionStartIncluding": "0.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments." 
}, { "lang": "es", "value": "El ShellUserGroupProvider opcional en Apache NiFi versiones 1.10.0 a 1.16.2 y Apache NiFi Registry 0.6.0 a 1.16.2 no neutraliza los argumentos para los comandos de resoluci\u00f3n de grupos, permitiendo una inyecci\u00f3n de comandos del sistema operativo en las plataformas Linux y macOS. El ShellUserGroupProvider no est\u00e1 incluido en la configuraci\u00f3n por defecto. La inyecci\u00f3n de comandos requiere que ShellUserGroupProvider sea uno de los proveedores de grupos de usuarios habilitados en la configuraci\u00f3n de Authorizers. La inyecci\u00f3n de comandos tambi\u00e9n requiere un usuario Autenticado con altos privilegios. Apache NiFi requiere un usuario autenticado con autorizaci\u00f3n para modificar las pol\u00edticas de acceso para poder ejecutar el comando. El Registro de Apache NiFi requiere un usuario autenticado con autorizaci\u00f3n para leer los grupos de usuarios para poder ejecutar el comando. La resoluci\u00f3n elimina el formato del comando basado en los argumentos proporcionados por el usuario" } ], "id": "CVE-2022-33140", "lastModified": "2024-11-21T07:07:35.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-15T15:15:08.050", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr" }, { "source": "security@apache.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://nifi.apache.org/security.html#CVE-2022-33140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://nifi.apache.org/security.html#CVE-2022-33140" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }