Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bvsa-p6z7-f3dx
Summary
Aliases
0
alias CVE-2022-42118
1
alias GHSA-mr77-4pm4-x9vm
Fixed_packages
0
url pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12
purl pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.search.web@6.0.12
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp27
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fbq4-rkgc-77br
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp15
Affected_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.1.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u2t-e6c5-yfez
1
vulnerability VCID-3cw7-wb7f-dkgt
2
vulnerability VCID-3uxy-fzye-2qc2
3
vulnerability VCID-567k-vuy4-vqhv
4
vulnerability VCID-6ffy-en34-1kfg
5
vulnerability VCID-721d-dtky-8ycd
6
vulnerability VCID-7vd5-5xbf-eqa7
7
vulnerability VCID-8e93-zavb-mbdw
8
vulnerability VCID-bvsa-p6z7-f3dx
9
vulnerability VCID-d9m4-h45w-cybh
10
vulnerability VCID-dqtk-aucn-a3bh
11
vulnerability VCID-e42x-p4br-vyfj
12
vulnerability VCID-easd-pjah-p7e5
13
vulnerability VCID-ec3h-msg4-8ugx
14
vulnerability VCID-f2hu-swmn-tfha
15
vulnerability VCID-f4pp-shhv-xuh5
16
vulnerability VCID-h6mq-bv3q-ckaq
17
vulnerability VCID-jz8d-f2c6-zufm
18
vulnerability VCID-k7q9-4n73-sqe4
19
vulnerability VCID-ng7y-r139-qyay
20
vulnerability VCID-nh55-b24g-vuc3
21
vulnerability VCID-pmkt-samy-ekhg
22
vulnerability VCID-pq34-3vhq-vbfv
23
vulnerability VCID-qpph-qy41-dyej
24
vulnerability VCID-qy18-x6x2-dyc5
25
vulnerability VCID-rvb2-hdxw-hqbj
26
vulnerability VCID-vzme-6bym-mybt
27
vulnerability VCID-wqbp-ymj2-6fes
28
vulnerability VCID-wzh7-eus3-4bgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.0
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u2t-e6c5-yfez
1
vulnerability VCID-2q68-bkeh-t7aw
2
vulnerability VCID-3uxy-fzye-2qc2
3
vulnerability VCID-5628-87wr-nybq
4
vulnerability VCID-567k-vuy4-vqhv
5
vulnerability VCID-6ffy-en34-1kfg
6
vulnerability VCID-6vrh-zspb-nbct
7
vulnerability VCID-721d-dtky-8ycd
8
vulnerability VCID-7vd5-5xbf-eqa7
9
vulnerability VCID-8e93-zavb-mbdw
10
vulnerability VCID-8xfv-nz1w-myg4
11
vulnerability VCID-bjj2-prjz-5kew
12
vulnerability VCID-bnhf-9e6r-ubaw
13
vulnerability VCID-bqpt-c2qn-2ke2
14
vulnerability VCID-bvsa-p6z7-f3dx
15
vulnerability VCID-c8b6-9v2k-vkdy
16
vulnerability VCID-d9m4-h45w-cybh
17
vulnerability VCID-dqtk-aucn-a3bh
18
vulnerability VCID-duvg-hkyn-uqcs
19
vulnerability VCID-e41e-8hvb-nkas
20
vulnerability VCID-e42x-p4br-vyfj
21
vulnerability VCID-easd-pjah-p7e5
22
vulnerability VCID-ec3h-msg4-8ugx
23
vulnerability VCID-f2hu-swmn-tfha
24
vulnerability VCID-f4pp-shhv-xuh5
25
vulnerability VCID-gb78-25na-4kak
26
vulnerability VCID-h6mq-bv3q-ckaq
27
vulnerability VCID-hkxe-23ch-4uas
28
vulnerability VCID-hm6a-7agu-x7hw
29
vulnerability VCID-jr3f-yvy8-bbak
30
vulnerability VCID-jz8d-f2c6-zufm
31
vulnerability VCID-k7q9-4n73-sqe4
32
vulnerability VCID-ng7y-r139-qyay
33
vulnerability VCID-nh55-b24g-vuc3
34
vulnerability VCID-pmkt-samy-ekhg
35
vulnerability VCID-pq34-3vhq-vbfv
36
vulnerability VCID-qpph-qy41-dyej
37
vulnerability VCID-qr3x-2ch3-v3cv
38
vulnerability VCID-qy18-x6x2-dyc5
39
vulnerability VCID-rvb2-hdxw-hqbj
40
vulnerability VCID-rz3z-byxd-hqgw
41
vulnerability VCID-sca1-1ew3-8kah
42
vulnerability VCID-suqj-3zjg-5qaa
43
vulnerability VCID-vzme-6bym-mybt
44
vulnerability VCID-wk7y-qvkd-jbep
45
vulnerability VCID-wqbp-ymj2-6fes
46
vulnerability VCID-wzh7-eus3-4bgc
47
vulnerability VCID-zs1z-h53m-pyev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
References
0
reference_url http://liferay.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url http://liferay.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42118
reference_id
reference_type
scores
0
value 0.13205
scoring_system epss
scoring_elements 0.94255
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42118
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b42f1e70a69a31a3f2f7004a5b1923ec1e1e5445
4
reference_url https://issues.liferay.com/browse/LPE-17342
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url https://issues.liferay.com/browse/LPE-17342
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42118?p_r_p_assetEntryId=121613298&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613298%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-42118?p_r_p_assetEntryId=121613298&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121613298%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118
reference_id cve-2022-42118
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:37:48Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42118
reference_id CVE-2022-42118
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42118
8
reference_url https://github.com/advisories/GHSA-mr77-4pm4-x9vm
reference_id GHSA-mr77-4pm4-x9vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr77-4pm4-x9vm
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bvsa-p6z7-f3dx