Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.change.tracking.web@2.0.9

Type maven

Namespace com.liferay

Name com.liferay.change.tracking.web

Version 2.0.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.0.120

Latest_non_vulnerable_version 2.0.122

Affected_by_vulnerabilities

url VCID-n8n4-q54c-5fcy

vulnerability_id VCID-n8n4-q54c-5fcy

summary

Liferay Portal is vulnerable to CSRF through publication comments
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62245

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00535
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62245

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/dd89fff675f04d146fda38a1bec884cf40d0c756

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/dd89fff675f04d146fda38a1bec884cf40d0c756

reference_url

https://github.com/liferay/liferay-portal/commit/fa356d07ab239e790b7e460d33c25184aef58716

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/fa356d07ab239e790b7e460d33c25184aef58716

reference_url

https://liferay.atlassian.net/browse/LPE-17932

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17932

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245

reference_id

CVE-2025-62245

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:25:47Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62245

reference_id

CVE-2025-62245

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62245

reference_url

https://github.com/advisories/GHSA-9676-rh83-cr86

reference_id

GHSA-9676-rh83-cr86

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9676-rh83-cr86

fixed_packages

url	pkg:maven/com.liferay/com.liferay.change.tracking.web@2.0.121
purl	pkg:maven/com.liferay/com.liferay.change.tracking.web@2.0.121
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.change.tracking.web@2.0.121

aliases CVE-2025-62245, GHSA-9676-rh83-cr86

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8n4-q54c-5fcy

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.change.tracking.web@2.0.9

Package Instance