Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.flags.taglib@3.2.5
Type maven
Namespace com.liferay
Name com.liferay.flags.taglib
Version 3.2.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.0.11
Latest_non_vulnerable_version 5.0.11
Affected_by_vulnerabilities
0
url VCID-x13m-kscr-nkbf
vulnerability_id VCID-x13m-kscr-nkbf
summary
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
The Flags module before version 5.0.11 in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60502
published_at 2026-06-04T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60543
published_at 2026-06-09T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60528
published_at 2026-06-08T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.60556
published_at 2026-06-06T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.6055
published_at 2026-06-05T12:55:00Z
5
value 0.00392
scoring_system epss
scoring_elements 0.60544
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33320
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://issues.liferay.com/browse/LPE-17007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.liferay.com/browse/LPE-17007
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-33320-flagging-content-as-inappropriate-is-not-rate-limited?p_r_p_assetEntryId=121611464&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611464%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33320
5
reference_url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
reference_id GHSA-wg4x-hf94-fj5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg4x-hf94-fj5v
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.flags.taglib@5.0.11
purl pkg:maven/com.liferay/com.liferay.flags.taglib@5.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.flags.taglib@5.0.11
aliases CVE-2021-33320, GHSA-wg4x-hf94-fj5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x13m-kscr-nkbf
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.flags.taglib@3.2.5