Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23
Typemaven
Namespacecom.liferay
Namecom.liferay.dynamic.data.mapping.form.web
Version3.0.23
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0.180
Latest_non_vulnerable_version4.0.180
Affected_by_vulnerabilities
0
url VCID-4mr1-kemj-tbba
vulnerability_id VCID-4mr1-kemj-tbba
summary 
Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the forms, the files are stored in the document_library allowing an attacker to cause a potential DDoS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28956
published_at 2026-06-05T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.28884
published_at 2026-06-07T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.2892
published_at 2026-06-06T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.3034
published_at 2026-06-08T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30356
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43762
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84
3
reference_url https://liferay.atlassian.net/browse/LPE-18177
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18177
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
reference_id CVE-2025-43762
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T19:03:43Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
reference_id CVE-2025-43762
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43762
6
reference_url https://github.com/advisories/GHSA-84pp-qr92-95c9
reference_id GHSA-84pp-qr92-95c9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-84pp-qr92-95c9
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
aliases CVE-2025-43762, GHSA-84pp-qr92-95c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mr1-kemj-tbba
1
url VCID-e2c4-kcy9-ukd9
vulnerability_id VCID-e2c4-kcy9-ukd9
summary 
Liferay Portal Unvalidated File Upload
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43750
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27596
published_at 2026-06-08T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.27603
published_at 2026-06-09T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27682
published_at 2026-06-06T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.27733
published_at 2026-06-05T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.27644
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43750
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/7f58439723c8373e038d5060d0bc58ff2475bdc5
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7f58439723c8373e038d5060d0bc58ff2475bdc5
3
reference_url https://github.com/liferay/liferay-portal/commit/b9e57377cb88bad1775beab50558cc2bd5a9758e
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b9e57377cb88bad1775beab50558cc2bd5a9758e
4
reference_url https://liferay.atlassian.net/browse/LPE-18190
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18190
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43750
reference_id CVE-2025-43750
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:16:22Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43750
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43750
reference_id CVE-2025-43750
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43750
7
reference_url https://github.com/advisories/GHSA-56qj-wp5r-mvhj
reference_id GHSA-56qj-wp5r-mvhj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56qj-wp5r-mvhj
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
aliases CVE-2025-43750, GHSA-56qj-wp5r-mvhj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2c4-kcy9-ukd9
Fixing_vulnerabilities
0
url VCID-jr2w-84ez-3kg2
vulnerability_id VCID-jr2w-84ez-3kg2
summary 
Liferay Portal and Liferay DXP autosaves form data for other users to see
The Dynamic Data Mapping module in Dynamic Data Mapping Form Web before 3.0.23 in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33323
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.62094
published_at 2026-06-04T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.6215
published_at 2026-06-06T12:55:00Z
2
value 0.00417
scoring_system epss
scoring_elements 0.62142
published_at 2026-06-05T12:55:00Z
3
value 0.00417
scoring_system epss
scoring_elements 0.6214
published_at 2026-06-09T12:55:00Z
4
value 0.00417
scoring_system epss
scoring_elements 0.62123
published_at 2026-06-08T12:55:00Z
5
value 0.00417
scoring_system epss
scoring_elements 0.62139
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33323
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17049
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17049
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33323
4
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107
5
reference_url https://github.com/advisories/GHSA-fxpf-jr2q-vpvv
reference_id GHSA-fxpf-jr2q-vpvv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxpf-jr2q-vpvv
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4mr1-kemj-tbba
1
vulnerability VCID-e2c4-kcy9-ukd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23
aliases CVE-2021-33323, GHSA-fxpf-jr2q-vpvv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr2w-84ez-3kg2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23