org.apache.nifi:nifi-dbcp-base is vulnerable to Insufficient URL Validation. The vulnerability allows an authenticated attacker with relevant privileges to bypass connection URL validation using custom input formatting, which leads to unauthorized access to data or other resources.
www.openwall.com/lists/oss-security/2023/08/18/2
github.com/advisories/GHSA-23qf-3jf9-h3q9
github.com/apache/nifi/commit/064550aacc189f39d7ddd2c0446068adf250f1bf
github.com/apache/nifi/pull/7586
issues.apache.org/jira/browse/NIFI-11920
lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q
nifi.apache.org/security.html#CVE-2023-40037