Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@2.0.95

Type maven

Namespace com.liferay

Name com.liferay.dynamic.data.mapping.form.web

Version 2.0.95

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.180

Latest_non_vulnerable_version 4.0.180

Affected_by_vulnerabilities

url VCID-55az-vg3q-r7g9

vulnerability_id VCID-55az-vg3q-r7g9

summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the forms, the files are stored in the document_library allowing an attacker to cause a potential DDoS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43762

reference_id

reference_type

scores

value	0.00119
scoring_system	epss
scoring_elements	0.30592
published_at	2026-06-12T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30598
published_at	2026-06-14T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30396
published_at	2026-06-11T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30611
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43762

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9d32b089f30a42c8fd2d30832b3c90eefb5afe84

reference_url

https://liferay.atlassian.net/browse/LPE-18177

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18177

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43762

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43762

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762

reference_id

CVE-2025-43762

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T19:03:43Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43762

reference_url

https://github.com/advisories/GHSA-84pp-qr92-95c9

reference_id

GHSA-84pp-qr92-95c9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-84pp-qr92-95c9

fixed_packages

url	pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
purl	pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180

aliases CVE-2025-43762, GHSA-84pp-qr92-95c9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55az-vg3q-r7g9

url VCID-msx1-y2nc-n7gt

vulnerability_id VCID-msx1-y2nc-n7gt

summary Liferay Portal and Liferay DXP autosaves form data for other users to see

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33323

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.62307
published_at	2026-06-12T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62205
published_at	2026-06-11T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62313
published_at	2026-06-14T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62318
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33323

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://issues.liferay.com/browse/LPE-17049

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.liferay.com/browse/LPE-17049

reference_url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33323

reference_id

CVE-2021-33323

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33323

reference_url

https://github.com/advisories/GHSA-fxpf-jr2q-vpvv

reference_id

GHSA-fxpf-jr2q-vpvv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fxpf-jr2q-vpvv

fixed_packages

url pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23

purl pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-55az-vg3q-r7g9

vulnerability	VCID-nwe9-k53t-e7hb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@3.0.23

aliases CVE-2021-33323, GHSA-fxpf-jr2q-vpvv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msx1-y2nc-n7gt

url VCID-nwe9-k53t-e7hb

vulnerability_id VCID-nwe9-k53t-e7hb

summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43750

reference_id

reference_type

scores

value	0.00103
scoring_system	epss
scoring_elements	0.27832
published_at	2026-06-12T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.27846
published_at	2026-06-14T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.2763
published_at	2026-06-11T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.27857
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43750

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/7f58439723c8373e038d5060d0bc58ff2475bdc5

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7f58439723c8373e038d5060d0bc58ff2475bdc5

reference_url

https://github.com/liferay/liferay-portal/commit/b9e57377cb88bad1775beab50558cc2bd5a9758e

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/b9e57377cb88bad1775beab50558cc2bd5a9758e

reference_url

https://liferay.atlassian.net/browse/LPE-18190

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18190

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43750

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43750

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43750

reference_id

CVE-2025-43750

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:16:22Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43750

reference_url

https://github.com/advisories/GHSA-56qj-wp5r-mvhj

reference_id

GHSA-56qj-wp5r-mvhj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-56qj-wp5r-mvhj

fixed_packages

url	pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
purl	pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@4.0.180

aliases CVE-2025-43750, GHSA-56qj-wp5r-mvhj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwe9-k53t-e7hb

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web@2.0.95

Package Instance