{"vulnerability": "CVE-2023-4003", "sightings": [{"uuid": "7efacb4a-0822-4bc7-82a9-e1ef7c5bd9d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40035", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113476506692863958", "content": "", "creation_timestamp": "2024-11-13T16:07:59.661494Z"}, {"uuid": "bd182277-3f6e-4cc9-8577-60f7113ccbbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40031", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5104", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1anotepad++\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1eCVE-2023-40031 \u5206\u6790\u4e0e\u590d\u73b0\nURL\uff1ahttps://github.com/webraybtl/CVE-2023-40031\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-09T01:18:57.000000Z"}, {"uuid": "2e9b7b1b-92b8-46bb-8fad-eeea11d9fad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40031", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11541", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2023-40031: Notepad++ heap buffer overflow vulnerability CVE-2023-40031 analysis and reproduction.\n\nhttps://github.com/webraybtl/CVE-2023-40031", "creation_timestamp": "2023-09-10T07:16:49.000000Z"}, {"uuid": "6f80f70c-0619-47a5-ab06-fbec21f873a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40035", "type": "seen", "source": "https://t.me/cvedetector/10838", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52293 - Craft CMS Remote Code Execution via Twig SSTI 
Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52293 \nPublished : Nov. 13, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T18:04:00.000000Z"}, {"uuid": "6ee68aa8-d49f-4b0d-a870-aa85d48ac178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40037", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5931", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-40037: Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi\nURL\uff1ahttps://github.com/mbadanoiu/CVE-2023-40037\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-23T22:57:00.000000Z"}, {"uuid": "d1947240-36d4-4574-84c2-4b4679aa7e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40033", "type": "seen", "source": "https://t.me/arpsyndicate/344", "content": "#ExploitObserverAlert\n\nCVE-2023-40033\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40033. Flarum is an open source forum software. 
Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.\n\nFIRST-EPSS: 0.000490000\nNVD-IS: 4.2\nNVD-ES: 2.8", "creation_timestamp": "2023-11-22T10:47:08.000000Z"}, {"uuid": "f46590df-bc56-423b-8462-f5a56a5909e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40038", "type": "seen", "source": "https://t.me/arpsyndicate/2218", "content": "#ExploitObserverAlert\n\nCVE-2023-40038\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40038. Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. 
(They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)", "creation_timestamp": "2023-12-29T08:57:36.000000Z"}, {"uuid": "c8473c0d-0c4c-42c9-9958-cd8549ead613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40031", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3179", "content": "Hackers Factory \n\nPeer-to-peer bidirectional connection based on Network.framework\n\nhttps://github.com/saagarjha/AppleConnect\n\nAnalyse your malware to surgically obfuscate it\n\nhttps://github.com/dobin/avred\n\nBurp Suite Sharpener\nThis extension should add a number of UI and functional features to Burp Suite to make working with it a bit easier. The latest version of this extension is only compatible with Burp Suite version 2023.10-22956 and above.\n\nhttps://github.com/irsdl/BurpSuiteSharpenerEx/\n\nvulnlab.com reaper writeup\n\nhttps://github.com/macrl2000/reaper-wu\n\nRun Capture the Flags and Security Trainings with OWASP WrongSecrets\n\nhttps://github.com/OWASP/wrongsecrets-ctf-party\n\nMachine Learning for Cyber Security\n\nhttps://github.com/jivoi/awesome-ml-for-cybersecurity\n\nA collection of tools for security research on Starlink's User Terminal\n\nhttps://github.com/quarkslab/starlink-tools\n\nexamples of using radius2 to solve reversing challenges\n\nhttps://github.com/aemmitt-ns/radius2-examples\n\nGHSL-2023-112, GHSL-2023-102, GHSL-2023-103, GHSL-2023-092: Buffer Overflows in Notepad++ - CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166\n\nhttps://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/\n\nRunAsWinTcb\n\nhttps://github.com/tastypepperoni/RunAsWinTcb\n\n#infosec #cybersecurity #pentesting #hackersfactory\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-05T07:29:58.000000Z"}, {"uuid": "75561034-a446-48a0-9fd8-45a2fc1417ef", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40036", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3179", "content": "Hackers Factory \n\nPeer-to-peer bidirectional connection based on Network.framework\n\nhttps://github.com/saagarjha/AppleConnect\n\nAnalyse your malware to surgically obfuscate it\n\nhttps://github.com/dobin/avred\n\nBurp Suite Sharpener\nThis extension should add a number of UI and functional features to Burp Suite to make working with it a bit easier. The latest version of this extension is only compatible with Burp Suite version 2023.10-22956 and above.\n\nhttps://github.com/irsdl/BurpSuiteSharpenerEx/\n\nvulnlab.com reaper writeup\n\nhttps://github.com/macrl2000/reaper-wu\n\nRun Capture the Flags and Security Trainings with OWASP WrongSecrets\n\nhttps://github.com/OWASP/wrongsecrets-ctf-party\n\nMachine Learning for Cyber Security\n\nhttps://github.com/jivoi/awesome-ml-for-cybersecurity\n\nA collection of tools for security research on Starlink's User Terminal\n\nhttps://github.com/quarkslab/starlink-tools\n\nexamples of using radius2 to solve reversing challenges\n\nhttps://github.com/aemmitt-ns/radius2-examples\n\nGHSL-2023-112, GHSL-2023-102, GHSL-2023-103, GHSL-2023-092: Buffer Overflows in Notepad++ - CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166\n\nhttps://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/\n\nRunAsWinTcb\n\nhttps://github.com/tastypepperoni/RunAsWinTcb\n\n#infosec #cybersecurity #pentesting #hackersfactory\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-05T07:29:58.000000Z"}, {"uuid": "0ea6f7c7-d08f-481e-82b7-bf2bc7fd74f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40038", "type": "seen", "source": "https://t.me/ctinow/170259", "content": 
"https://ift.tt/VXj5rxO\nCVE-2023-40038 | Arris DG860A/DG1670A WPA2 PSK predictable state", "creation_timestamp": "2024-01-19T16:12:00.000000Z"}, {"uuid": "b4cc0baa-a126-49f3-bf15-31c6c0ca74e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40031", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3187", "content": "Hackers Factory \n\nA fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests\n\nhttps://github.com/projectdiscovery/naabu\n\nA collection of phishing samples for researchers and detection developers.\n\nhttps://github.com/rf-peixoto/phishing_pot\n\nPassive subdomain continous monitoring tool.\n\nhttps://github.com/e1abrador/sub.Monitor\n\nSecurity scanner for your Terraform code\n\nhttps://github.com/aquasecurity/tfsec\n\nDetect and remediate misconfigurations and security risks across all your GitHub and GitLab assets\n\nhttps://github.com/Legit-Labs/legitify\n\nStreamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools.\n\nhttps://github.com/thecyberneh/scriptkiddi3\n\nUseful resources for SOC Analyst and SOC Analyst candidates.\n\nhttps://github.com/LetsDefend/awesome-soc-analyst\n\nXML-RPC Vulnerability Checker and Directory Fuzzer\n\nhttps://github.com/MINAD0/XML-RPC-Check\n\nA Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.\n\nhttps://github.com/Chocapikk/CVE-2023-30943\n\nAn exploit for OpenTSDB &lt;= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran\n\nhttps://github.com/ErikWynter/opentsdb_key_cmd_injection\n\nNotepad++ heap buffer overflow 
vulnerability CVE-2023-40031 analysis and reproduction\n\nhttps://github.com/webraybtl/CVE-2023-40031\n\nPMP-Decrypter. This is a tool to decrypt the encrypted password strings in \"Patch My PC\"\n\nhttps://github.com/LuemmelSec/PMP-Decrypter\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-10T12:01:22.000000Z"}, {"uuid": "62b7f936-9c86-40f8-8a3f-85e04c65e80a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40036", "type": "seen", "source": "https://t.me/cibsecurity/69218", "content": "\u203c CVE-2023-40036 \u203c\n\nNotepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-26T00:14:36.000000Z"}, {"uuid": "54497093-074b-4e92-acef-23f18ded964c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40030", "type": "seen", "source": "https://t.me/cibsecurity/69169", "content": "\u203c CVE-2023-40030 \u203c\n\nCargo downloads a Rust project\u2019s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. 
The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected.Rust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [\"&lt;img src='' onerror=alert(0)\"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor.This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. 
crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-25T02:13:41.000000Z"}, {"uuid": "61ae9c38-dff6-4e48-9dd7-a7dbb89b129c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40032", "type": "seen", "source": "https://t.me/cibsecurity/70219", "content": "\u203c CVE-2023-40032 \u203c\n\nlibvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T22:27:42.000000Z"}, {"uuid": "c7e33850-6f1c-4781-855b-a7501fb25a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40038", "type": "seen", "source": "https://t.me/ctinow/159786", "content": "https://ift.tt/mLuBlTe\nCVE-2023-40038", "creation_timestamp": "2023-12-27T21:26:33.000000Z"}, {"uuid": "9031a7ec-43cc-48f9-a18c-2779058d8c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40039", "type": "seen", "source": "https://t.me/cibsecurity/70190", "content": "\u203c CVE-2023-40039 \u203c\n\nAn issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. 
A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T12:22:03.000000Z"}, {"uuid": "22b0e7a7-00a7-4f9c-bfc0-638072d011ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40037", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9467", "content": "#Threat_Research\n\"Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi (CVE-2023-40037)\",\u00a02023.\n]-&gt; https://github.com/mbadanoiu/CVE-2023-40037", "creation_timestamp": "2024-10-28T06:52:18.000000Z"}, {"uuid": "a4e658f7-6192-4393-8ed2-567792186633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40033", "type": "seen", "source": "https://t.me/cibsecurity/68695", "content": "\u203c CVE-2023-40033 \u203c\n\nFlarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. 
Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T00:36:48.000000Z"}, {"uuid": "6f682f24-f126-48e9-a95a-7b7937c2c787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40034", "type": "seen", "source": "https://t.me/cibsecurity/68692", "content": "\u203c CVE-2023-40034 \u203c\n\nWoodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T00:36:45.000000Z"}, {"uuid": "8ea90be6-a6a6-4552-aa0d-606cbdca4e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40035", "type": "seen", "source": "https://t.me/cibsecurity/69097", "content": "\u203c CVE-2023-40035 \u203c\n\nCraft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. 
Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-24T00:14:19.000000Z"}, {"uuid": "b6ccf2ba-3753-4855-9352-74a24246c3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40037", "type": "seen", "source": "https://t.me/cibsecurity/68850", "content": "\u203c CVE-2023-40037 \u203c\n\nApache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-19T02:38:35.000000Z"}, {"uuid": "416ea594-b262-4183-a4a1-d4d56e702ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40037", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2107", "content": "#Threat_Research\n\"Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi (CVE-2023-40037)\",\u00a0 2023.\n]-&gt; https://github.com/mbadanoiu/CVE-2023-40037", "creation_timestamp": "2024-08-16T08:52:58.000000Z"}]}