Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@4.0.18

Type maven

Namespace com.liferay

Name com.liferay.portal.vulcan.impl

Version 4.0.18

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.127

Latest_non_vulnerable_version 5.0.127

Affected_by_vulnerabilities

url VCID-eng3-2741-47fm

vulnerability_id VCID-eng3-2741-47fm

summary A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43816

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34091
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43816

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-18005

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18005

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816

reference_id

CVE-2025-43816

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T17:38:55Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43816

reference_id

CVE-2025-43816

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43816

reference_url

https://github.com/advisories/GHSA-hrqm-qpw9-w8rv

reference_id

GHSA-hrqm-qpw9-w8rv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hrqm-qpw9-w8rv

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3n1-c81q-y7br

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115

aliases CVE-2025-43816, GHSA-hrqm-qpw9-w8rv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eng3-2741-47fm

url VCID-v1t7-ftn6-1bcw

vulnerability_id VCID-v1t7-ftn6-1bcw

summary Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3602

reference_id

reference_type

scores

value	0.00547
scoring_system	epss
scoring_elements	0.6829
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3602

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-3602

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3602

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602

reference_id

CVE-2025-3602

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T14:29:39Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602

reference_url	https://github.com/advisories/GHSA-8c26-xm99-53w7
reference_id	GHSA-8c26-xm99-53w7
reference_type
scores
url	https://github.com/advisories/GHSA-8c26-xm99-53w7

fixed_packages

url pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

purl pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-53r6-urqs-afes

vulnerability	VCID-e3n1-c81q-y7br

vulnerability	VCID-eng3-2741-47fm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103

aliases CVE-2025-3602, GHSA-8c26-xm99-53w7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1t7-ftn6-1bcw

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@4.0.18

Package Instance