CVE-2021-33320 – com.liferay.portal:release.dxp.bom

Package

Manager: maven
Name: com.liferay.portal:release.dxp.bom
Vulnerable Version: >=7.0.0 <7.0.10.fp96 || >=7.1.0 <7.1.10.fp20 || >=7.2.0 <7.2.10.fp5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00392 pctl0.59422

Details

Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate The Flags module before version 5.0.11 in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails

Metadata

Created: 2022-05-24T19:09:46Z
Modified: 2025-07-14T16:26:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wg4x-hf94-fj5v/GHSA-wg4x-hf94-fj5v.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-wg4x-hf94-fj5v
Finding: F029
Auto approve: 1