Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.oauth2.provider.rest@4.0.50
Typemaven
Namespacecom.liferay
Namecom.liferay.oauth2.provider.rest
Version4.0.50
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0.51
Latest_non_vulnerable_version4.0.51
Affected_by_vulnerabilities
0
url VCID-huvy-gpy3-v3dp
vulnerability_id VCID-huvy-gpy3-v3dp
summary Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44311
reference_id
reference_type
scores
0
value 0.00192
scoring_system epss
scoring_elements 0.41144
published_at 2026-06-12T12:55:00Z
1
value 0.00192
scoring_system epss
scoring_elements 0.41155
published_at 2026-06-14T12:55:00Z
2
value 0.00192
scoring_system epss
scoring_elements 0.40977
published_at 2026-06-11T12:55:00Z
3
value 0.00192
scoring_system epss
scoring_elements 0.41165
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44311
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/c07e48d9f489b24e97e71139ac5aa7ef339d9ee9
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c07e48d9f489b24e97e71139ac5aa7ef339d9ee9
3
reference_url https://liferay.atlassian.net/browse/LPE-17804
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17804
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311?p_r_p_assetEntryId=122124899&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124899%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311?p_r_p_assetEntryId=122124899&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D122124899%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44311
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44311
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311
reference_id cve-2023-44311
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:28:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311
7
reference_url https://github.com/advisories/GHSA-49gm-5685-8fxv
reference_id GHSA-49gm-5685-8fxv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49gm-5685-8fxv
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.oauth2.provider.rest@4.0.51
purl pkg:maven/com.liferay/com.liferay.oauth2.provider.rest@4.0.51
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.oauth2.provider.rest@4.0.51
aliases CVE-2023-44311, GHSA-49gm-5685-8fxv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-huvy-gpy3-v3dp
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.oauth2.provider.rest@4.0.50