Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/48112?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48112?format=api",
    "vulnerability_id": "VCID-11q8-ec8g-nqes",
    "summary": "Liferay Portal and DXP do not properly restrict access to OpenAPI\nLiferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers to access the OpenAPI YAML file via a crafted URL.",
    "aliases": [
        {
            "alias": "CVE-2025-62256"
        },
        {
            "alias": "GHSA-j82q-c85j-xw4w"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/71059?format=api",
            "purl": "pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://github.com/liferay/liferay-portal",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/liferay/liferay-portal"
        },
        {
            "reference_url": "https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3"
        },
        {
            "reference_url": "https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f"
        },
        {
            "reference_url": "https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334"
        },
        {
            "reference_url": "https://liferay.atlassian.net/browse/LPE-17884",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://liferay.atlassian.net/browse/LPE-17884"
        },
        {
            "reference_url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256",
            "reference_id": "CVE-2025-62256",
            "reference_type": "",
            "scores": [],
            "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62256",
            "reference_id": "CVE-2025-62256",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62256"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-j82q-c85j-xw4w",
            "reference_id": "GHSA-j82q-c85j-xw4w",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-j82q-c85j-xw4w"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 862,
            "name": "Missing Authorization",
            "description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11q8-ec8g-nqes"
}