Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.liferay/com.liferay.users.admin.web@2.0.11
Typemaven
Namespacecom.liferay
Namecom.liferay.users.admin.web
Version2.0.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-n6qs-hded-rydp
vulnerability_id VCID-n6qs-hded-rydp
summary 
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers
In Liferay Impl before 5.18.4, Liferay Users Admin Web before 5.0.33, Liferay Login Web before 5.0.18, and Liferay Commerce Account Web before 3.0.7 from Liferay Portal (7.2.0 through 7.3.5), and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26249
published_at 2026-06-09T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26248
published_at 2026-06-04T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26352
published_at 2026-06-05T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26344
published_at 2026-06-06T12:55:00Z
4
value 0.00094
scoring_system epss
scoring_elements 0.263
published_at 2026-06-07T12:55:00Z
5
value 0.00094
scoring_system epss
scoring_elements 0.26244
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29038
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5e2da784aeefce64107abd0411590db2b55faf0b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:45:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
reference_id CVE-2021-29038
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29038
5
reference_url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
reference_id GHSA-mwhf-6mjm-6w3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwhf-6mjm-6w3h
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.users.admin.web@5.0.33
purl pkg:maven/com.liferay/com.liferay.users.admin.web@5.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s86p-ew9a-rkgt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.users.admin.web@5.0.33
aliases CVE-2021-29038, GHSA-mwhf-6mjm-6w3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6qs-hded-rydp
1
url VCID-s86p-ew9a-rkgt
vulnerability_id VCID-s86p-ew9a-rkgt
summary 
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
A Denial Of Service via File Upload (DOS) vulnerability in Liferay Portal 7.4.3.0 through 7.4.3.132, Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload a profile picture of more than 300kb into a user profile. This size is more than the noted max 300kb size. This extra data can significantly slow down the Liferay service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43736
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.4678
published_at 2026-06-05T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46765
published_at 2026-06-07T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46783
published_at 2026-06-06T12:55:00Z
3
value 0.00668
scoring_system epss
scoring_elements 0.7168
published_at 2026-06-08T12:55:00Z
4
value 0.00668
scoring_system epss
scoring_elements 0.71702
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43736
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d
3
reference_url https://liferay.atlassian.net/browse/LPE-18220
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18220
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736
reference_id CVE-2025-43736
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:15:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43736
reference_id CVE-2025-43736
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43736
6
reference_url https://github.com/advisories/GHSA-cg99-m88x-422c
reference_id GHSA-cg99-m88x-422c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg99-m88x-422c
fixed_packages
0
url pkg:maven/com.liferay/com.liferay.users.admin.web@11.0.27
purl pkg:maven/com.liferay/com.liferay.users.admin.web@11.0.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ue69-dfpt-bqb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.users.admin.web@11.0.27
aliases CVE-2025-43736, GHSA-cg99-m88x-422c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s86p-ew9a-rkgt
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.users.admin.web@2.0.11