{"url":"http://public2.vulnerablecode.io/api/packages/71059?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26","type":"maven","namespace":"com.liferay","name":"com.liferay.portal.security.auth.verifier","version":"6.0.26","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48112?format=json","vulnerability_id":"VCID-11q8-ec8g-nqes","summary":"Liferay Portal and DXP do not properly restrict access to OpenAPI\nLiferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers to access the OpenAPI YAML file via a crafted URL.","references":[{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17884","reference_id":"","reference_type":"","scores":[],"url":"https://liferay.atlassian.net/browse/LPE-17884"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256","reference_id":"CVE-2025-62256","reference_type":"","scores":[],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62256","reference_id":"CVE-2025-62256","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62256"},{"reference_url":"https://github.com/advisories/GHSA-j82q-c85j-xw4w","reference_id":"GHSA-j82q-c85j-xw4w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j82q-c85j-xw4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71059?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26"}],"aliases":["CVE-2025-62256","GHSA-j82q-c85j-xw4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11q8-ec8g-nqes"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.security.auth.verifier@6.0.26"}