Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26
Type maven
Namespace com.liferay
Name com.liferay.portal.security.auth.verifier
Version 6.0.26
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-11q8-ec8g-nqes
vulnerability_id VCID-11q8-ec8g-nqes
summary
Liferay Portal and DXP do not properly restrict access to OpenAPI
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers to access the OpenAPI YAML file via a crafted URL.
references
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3
2
reference_url https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f
3
reference_url https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334
4
reference_url https://liferay.atlassian.net/browse/LPE-17884
reference_id
reference_type
scores
url https://liferay.atlassian.net/browse/LPE-17884
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256
reference_id CVE-2025-62256
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62256
reference_id CVE-2025-62256
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-62256
7
reference_url https://github.com/advisories/GHSA-j82q-c85j-xw4w
reference_id GHSA-j82q-c85j-xw4w
reference_type
scores
url https://github.com/advisories/GHSA-j82q-c85j-xw4w
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26
purl pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26
aliases CVE-2025-62256, GHSA-j82q-c85j-xw4w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11q8-ec8g-nqes
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26