Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp5
Next non-vulnerable version 7.2.10.fp6
Latest non-vulnerable version 2023.Q3.6
Risk
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-3cw7-wb7f-dkgt
Aliases:
CVE-2021-33336
GHSA-fvg6-9r88-7w85
7.2.10.fp7
Affected by 0 other vulnerabilities.
VCID-7vss-pq2q-syea
Aliases:
CVE-2020-15839
GHSA-c7f6-4vx5-4263
Unrestricted Upload of File with Dangerous Type Liferay Portal, and Liferay DXP before fix pack before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
7.2.10.fp6
Affected by 0 other vulnerabilities.
VCID-h3vc-3kbw-wygz
Aliases:
CVE-2022-28977
GHSA-w397-9p2j-6x23
7.2.10.fp14
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-6ffy-en34-1kfg CVE-2021-33320
GHSA-wg4x-hf94-fj5v
VCID-bnhf-9e6r-ubaw Liferay Portal's account lockout does not invalidate existing user sessions Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. CVE-2023-47798
GHSA-2mx7-xvfg-fg53
VCID-nh55-b24g-vuc3 CVE-2021-33322
GHSA-vwj8-4grf-3r8v
VCID-sca1-1ew3-8kah CVE-2021-33324
GHSA-474f-cmx5-gm69

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T01:02:00.237338+00:00 GHSA Importer Fixing VCID-bnhf-9e6r-ubaw https://github.com/advisories/GHSA-2mx7-xvfg-fg53 38.6.0
2026-05-31T01:00:34.425109+00:00 GHSA Importer Affected by VCID-h3vc-3kbw-wygz https://github.com/advisories/GHSA-w397-9p2j-6x23 38.6.0
2026-05-31T00:59:02.552213+00:00 GHSA Importer Fixing VCID-nh55-b24g-vuc3 https://github.com/advisories/GHSA-vwj8-4grf-3r8v 38.6.0
2026-05-31T00:58:35.925653+00:00 GHSA Importer Affected by VCID-3cw7-wb7f-dkgt https://github.com/advisories/GHSA-fvg6-9r88-7w85 38.6.0
2026-05-31T00:58:35.390986+00:00 GHSA Importer Fixing VCID-sca1-1ew3-8kah https://github.com/advisories/GHSA-474f-cmx5-gm69 38.6.0
2026-05-31T00:58:35.305008+00:00 GHSA Importer Fixing VCID-6ffy-en34-1kfg https://github.com/advisories/GHSA-wg4x-hf94-fj5v 38.6.0
2026-05-31T00:55:10.872232+00:00 GHSA Importer Affected by VCID-7vss-pq2q-syea https://github.com/advisories/GHSA-c7f6-4vx5-4263 38.6.0
2026-05-30T21:03:15.104945+00:00 GitLab Importer Fixing VCID-bnhf-9e6r-ubaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2023-47798.yml 38.6.0
2026-05-30T20:57:05.171189+00:00 GitLab Importer Affected by VCID-7vss-pq2q-syea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2020-15839.yml 38.6.0