Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.dynamic.data.mapping.service@5.3.8
Typemaven
Namespacecom.liferay
Namecom.liferay.dynamic.data.mapping.service
Version5.3.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.0
Latest_non_vulnerable_version6.0.0
Affected_by_vulnerabilities
0
url VCID-k6d6-hyep-pbac
vulnerability_id VCID-k6d6-hyep-pbac
summary 
Liferay Portal and Liferay DXP has incorrect default permissions for site members
The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30425
published_at 2026-06-04T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30465
published_at 2026-06-06T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30498
published_at 2026-06-05T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30419
published_at 2026-06-09T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30403
published_at 2026-06-08T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30435
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38268
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b
3
reference_url https://liferay.atlassian.net/browse/LPE-17150
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17150
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
reference_id CVE-2021-38268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38268
6
reference_url https://github.com/advisories/GHSA-f855-2rvm-5j7h
reference_id GHSA-f855-2rvm-5j7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f855-2rvm-5j7h
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.service@6.0.0
purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.service@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.service@6.0.0
aliases CVE-2021-38268, GHSA-f855-2rvm-5j7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d6-hyep-pbac
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.service@5.3.8