2 matches found
com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)
com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...
CVE-2021-33320
The CVE concerns the Flags module in Liferay Portal (7.3.1 and earlier) and Liferay DXP (7.0 before fix pack 96, 7.1 before fix pack 20, 7.2 before fix pack 5) where there is no rate limit on flag submissions, allowing remote authenticated users to spam site administrators via emails. Concrete de...