Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2023.q3.1"
},
{
"last_affected": "2023.q3.2"
}
],
"vendor_product": "liferay:digital_experience_platform",
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_19:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_20:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update11:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update12:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update13:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update15:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update16:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update17:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update18:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update19:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update20:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update21:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update22:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update23:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update24:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update25:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update26:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update27:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update28:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update29:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update30:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update31:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update32:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update33:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update34:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update35:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update3:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.2-fix_pack_10"
},
{
"last_affected": "7.2-fix_pack_10"
},
{
"introduced": "7.2-fix_pack_11"
},
{
"last_affected": "7.2-fix_pack_11"
},
{
"introduced": "7.2-fix_pack_12"
},
{
"last_affected": "7.2-fix_pack_12"
},
{
"introduced": "7.2-fix_pack_13"
},
{
"last_affected": "7.2-fix_pack_13"
},
{
"introduced": "7.2-fix_pack_14"
},
{
"last_affected": "7.2-fix_pack_14"
},
{
"introduced": "7.2-fix_pack_15"
},
{
"last_affected": "7.2-fix_pack_15"
},
{
"introduced": "7.2-fix_pack_16"
},
{
"last_affected": "7.2-fix_pack_16"
},
{
"introduced": "7.2-fix_pack_17"
},
{
"last_affected": "7.2-fix_pack_17"
},
{
"introduced": "7.2-fix_pack_18"
},
{
"last_affected": "7.2-fix_pack_18"
},
{
"introduced": "7.2-fix_pack_19"
},
{
"last_affected": "7.2-fix_pack_19"
},
{
"introduced": "7.2-fix_pack_20"
},
{
"last_affected": "7.2-fix_pack_20"
},
{
"introduced": "7.2-fix_pack_8"
},
{
"last_affected": "7.2-fix_pack_8"
},
{
"introduced": "7.2-fix_pack_9"
},
{
"last_affected": "7.2-fix_pack_9"
},
{
"introduced": "7.3-NA"
},
{
"last_affected": "7.3-NA"
},
{
"introduced": "7.3-fix_pack_1"
},
{
"last_affected": "7.3-fix_pack_1"
},
{
"introduced": "7.3-fix_pack_2"
},
{
"last_affected": "7.3-fix_pack_2"
},
{
"introduced": "7.3-service_pack_1"
},
{
"last_affected": "7.3-service_pack_1"
},
{
"introduced": "7.3-service_pack_2"
},
{
"last_affected": "7.3-service_pack_2"
},
{
"introduced": "7.3-service_pack_3"
},
{
"last_affected": "7.3-service_pack_3"
},
{
"introduced": "7.3-update1"
},
{
"last_affected": "7.3-update1"
},
{
"introduced": "7.3-update10"
},
{
"last_affected": "7.3-update10"
},
{
"introduced": "7.3-update11"
},
{
"last_affected": "7.3-update11"
},
{
"introduced": "7.3-update12"
},
{
"last_affected": "7.3-update12"
},
{
"introduced": "7.3-update13"
},
{
"last_affected": "7.3-update13"
},
{
"introduced": "7.3-update14"
},
{
"last_affected": "7.3-update14"
},
{
"introduced": "7.3-update15"
},
{
"last_affected": "7.3-update15"
},
{
"introduced": "7.3-update16"
},
{
"last_affected": "7.3-update16"
},
{
"introduced": "7.3-update17"
},
{
"last_affected": "7.3-update17"
},
{
"introduced": "7.3-update18"
},
{
"last_affected": "7.3-update18"
},
{
"introduced": "7.3-update19"
},
{
"last_affected": "7.3-update19"
},
{
"introduced": "7.3-update2"
},
{
"last_affected": "7.3-update2"
},
{
"introduced": "7.3-update20"
},
{
"last_affected": "7.3-update20"
},
{
"introduced": "7.3-update21"
},
{
"last_affected": "7.3-update21"
},
{
"introduced": "7.3-update22"
},
{
"last_affected": "7.3-update22"
},
{
"introduced": "7.3-update23"
},
{
"last_affected": "7.3-update23"
},
{
"introduced": "7.3-update24"
},
{
"last_affected": "7.3-update24"
},
{
"introduced": "7.3-update25"
},
{
"last_affected": "7.3-update25"
},
{
"introduced": "7.3-update26"
},
{
"last_affected": "7.3-update26"
},
{
"introduced": "7.3-update27"
},
{
"last_affected": "7.3-update27"
},
{
"introduced": "7.3-update28"
},
{
"last_affected": "7.3-update28"
},
{
"introduced": "7.3-update29"
},
{
"last_affected": "7.3-update29"
},
{
"introduced": "7.3-update3"
},
{
"last_affected": "7.3-update3"
},
{
"introduced": "7.3-update30"
},
{
"last_affected": "7.3-update30"
},
{
"introduced": "7.3-update31"
},
{
"last_affected": "7.3-update31"
},
{
"introduced": "7.3-update32"
},
{
"last_affected": "7.3-update32"
},
{
"introduced": "7.3-update33"
},
{
"last_affected": "7.3-update33"
},
{
"introduced": "7.3-update34"
},
{
"last_affected": "7.3-update34"
},
{
"introduced": "7.3-update35"
},
{
"last_affected": "7.3-update35"
},
{
"introduced": "7.3-update4"
},
{
"last_affected": "7.3-update4"
},
{
"introduced": "7.3-update5"
},
{
"last_affected": "7.3-update5"
},
{
"introduced": "7.3-update6"
},
{
"last_affected": "7.3-update6"
},
{
"introduced": "7.3-update7"
},
{
"last_affected": "7.3-update7"
},
{
"introduced": "7.3-update8"
},
{
"last_affected": "7.3-update8"
},
{
"introduced": "7.3-update9"
},
{
"last_affected": "7.3-update9"
},
{
"introduced": "7.4"
},
{
"last_affected": "7.4"
}
],
"vendor_product": "liferay:digital_experience_platform",
"source": "CPE_STRING"
}
]
}