GHSA-9mxg-p873-6793

Source

https://github.com/advisories/GHSA-9mxg-p873-6793

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9mxg-p873-6793/GHSA-9mxg-p873-6793.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9mxg-p873-6793

Aliases

CVE-2021-29047

Published

2022-05-24T19:02:32Z

Modified

2025-05-14T08:27:08.200508Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use

Details

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2021-05-16T16:15:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "github_reviewed_at": "2025-05-14T07:43:27Z",
    "severity": "HIGH"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.4

Fixed

7.3.6

Affected versions

7.*

7.3.4

7.3.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9mxg-p873-6793/GHSA-9mxg-p873-6793.json"

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.10.fp1

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

7.0.10.fp100

7.0.10.fp101

7.0.10.fp102

7.0.10.7

7.0.10.8

7.0.10.9

7.0.10.14

7.0.10.14-1

7.0.10.16

7.0.10.17

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

7.1.10.fp20

7.1.10.fp22

7.1.10.fp24

7.1.10.fp25

7.1.10.fp26

7.1.10.fp27

7.1.10.fp28

7.1.10.1

7.1.10.3

7.1.10.4

7.1.10.5

7.1.10.6

7.1.10.7

7.1.10.8

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8

7.2.10.fp9

7.2.10.fp10

7.2.10.fp11

7.2.10.fp12

7.2.10.fp13

7.2.10.fp14

7.2.10.fp15

7.2.10.fp16

7.2.10.fp17

7.2.10.fp18

7.2.10.fp19

7.2.10.fp20

7.2.10.1

7.2.10.2

7.2.10.3

7.2.10.3-1

7.2.10.4

7.2.10.4-1

7.2.10.5

7.2.10.5-1

7.2.10.6

7.2.10.7

7.2.10.8

7.3.10

7.3.10.ep3

7.3.10.ep4

7.3.10.ep5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9mxg-p873-6793/GHSA-9mxg-p873-6793.json"