VulnerableCode Package Details - pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3uxy-fzye-2qc2		CVE-2021-29040 GHSA-87x7-pwrx-jch7
VCID-721d-dtky-8ycd		CVE-2021-29043 GHSA-xx2h-2hf5-v7vv
VCID-d9m4-h45w-cybh	Liferay Portal and Liferay DXP has incorrect default permissions for site members The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.	CVE-2021-38268 GHSA-f855-2rvm-5j7h
VCID-ng7y-r139-qyay		CVE-2021-29044 GHSA-wcr5-3q96-c2gr
VCID-wk7y-qvkd-jbep		CVE-2021-29051 GHSA-jvvx-8g42-9559

Vulnerability

Summary

Aliases

VCID-3uxy-fzye-2qc2

CVE-2021-29040
GHSA-87x7-pwrx-jch7

VCID-721d-dtky-8ycd

CVE-2021-29043
GHSA-xx2h-2hf5-v7vv

VCID-d9m4-h45w-cybh

Liferay Portal and Liferay DXP has incorrect default permissions for site members The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.

CVE-2021-38268
GHSA-f855-2rvm-5j7h

VCID-ng7y-r139-qyay

CVE-2021-29044
GHSA-wcr5-3q96-c2gr

VCID-wk7y-qvkd-jbep

CVE-2021-29051
GHSA-jvvx-8g42-9559

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T00:58:29.658223+00:00	GHSA Importer	Fixing	VCID-ng7y-r139-qyay	https://github.com/advisories/GHSA-wcr5-3q96-c2gr	38.6.0
2026-05-31T00:58:29.140668+00:00	GHSA Importer	Fixing	VCID-721d-dtky-8ycd	https://github.com/advisories/GHSA-xx2h-2hf5-v7vv	38.6.0
2026-05-31T00:58:29.040498+00:00	GHSA Importer	Fixing	VCID-wk7y-qvkd-jbep	https://github.com/advisories/GHSA-jvvx-8g42-9559	38.6.0
2026-05-31T00:58:28.399082+00:00	GHSA Importer	Fixing	VCID-3uxy-fzye-2qc2	https://github.com/advisories/GHSA-87x7-pwrx-jch7	38.6.0
2026-05-31T00:55:24.910927+00:00	GHSA Importer	Fixing	VCID-d9m4-h45w-cybh	https://github.com/advisories/GHSA-f855-2rvm-5j7h	38.6.0
2026-05-30T20:57:17.897756+00:00	GitLab Importer	Fixing	VCID-d9m4-h45w-cybh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2021-38268.yml	38.6.0