GHSA-fxpf-jr2q-vpvv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fxpf-jr2q-vpvv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fxpf-jr2q-vpvv/GHSA-fxpf-jr2q-vpvv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fxpf-jr2q-vpvv
- Aliases
- Published
- 2022-05-24T19:09:46Z
- Modified
- 2025-06-27T21:42:16.498158Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Liferay Portal and Liferay DXP autosaves form data for other users to see
- Details
-
The Dynamic Data Mapping module in Dynamic Data Mapping Form Web before 3.0.23 in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
- Database specific
{ "nvd_published_at": "2021-08-03T19:15:00Z", "github_reviewed_at": "2025-06-27T21:11:21Z", "github_reviewed": true, "severity": "HIGH", "cwe_ids": [ "CWE-312" ] }- References
Affected packages
Maven / com.liferay:com.liferay.dynamic.data.mapping.form.web
Package
- Name
- com.liferay:com.liferay.dynamic.data.mapping.form.web
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.dynamic.data.mapping.form.web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.23
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
1.0.46
1.0.47
1.0.48
1.0.49
1.0.50
1.0.51
1.0.52
1.0.53
1.0.54
1.0.55
1.0.56
1.0.57
1.0.58
1.0.59
1.0.60
1.0.61
1.0.62
1.0.63
1.0.64
1.0.65
1.0.66
1.0.67
1.0.68
1.0.69
1.0.70
1.0.71
1.0.72
1.0.73
1.0.74
1.0.75
1.0.76
1.0.77
1.0.78
1.0.79
1.0.80
1.0.81
1.0.82
1.0.83
1.0.84
1.0.85
1.0.86
1.0.87
1.0.88
1.0.89
1.0.90
1.0.91
1.0.92
1.0.93
1.0.94
1.0.95
1.0.96
1.0.97
1.0.98
1.0.99
1.0.100
1.0.101
1.0.102
1.0.103
1.0.104
1.0.105
1.0.106
1.0.107
1.0.108
1.0.109
1.0.110
1.0.111
1.0.112
1.0.113
1.0.114
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.66
2.0.67
2.0.68
2.0.69
2.0.70
2.0.71
2.0.72
2.0.73
2.0.74
2.0.75
2.0.76
2.0.77
2.0.78
2.0.79
2.0.80
2.0.81
2.0.82
2.0.83
2.0.84
2.0.85
2.0.86
2.0.87
2.0.88
2.0.89
2.0.90
2.0.91
2.0.92
2.0.93
2.0.94
2.0.95
2.0.96
2.0.97
2.0.98
2.0.99
2.0.100
2.0.101
2.0.102
2.0.103
2.0.104
2.0.105
2.0.106
2.0.107
2.0.108
2.0.109
2.0.110
2.0.111
2.0.112
2.0.113
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
Maven / com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom
Maven / com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom