GHSA-f9wj-c5pc-g9rh

Source

https://github.com/advisories/GHSA-f9wj-c5pc-g9rh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9wj-c5pc-g9rh/GHSA-f9wj-c5pc-g9rh.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-f9wj-c5pc-g9rh

Aliases

CVE-2021-29053

Published

2022-05-24T19:02:39Z

Modified

2025-05-14T08:12:08.196190Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections

Details

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByCC, or (2) CommerceChannelRelFinder.findByCC.

Database specific

{
    "nvd_published_at": "2021-05-17T11:15:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2025-05-14T07:46:33Z",
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.5

Fixed

7.3.6

Affected versions

7.*

7.3.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9wj-c5pc-g9rh/GHSA-f9wj-c5pc-g9rh.json"

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.10.fp1

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

7.0.10.fp100

7.0.10.fp101

7.0.10.fp102

7.0.10.7

7.0.10.8

7.0.10.9

7.0.10.14

7.0.10.14-1

7.0.10.16

7.0.10.17

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

7.1.10.fp20

7.1.10.fp22

7.1.10.fp24

7.1.10.fp25

7.1.10.fp26

7.1.10.fp27

7.1.10.fp28

7.1.10.1

7.1.10.3

7.1.10.4

7.1.10.5

7.1.10.6

7.1.10.7

7.1.10.8

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8

7.2.10.fp9

7.2.10.fp10

7.2.10.fp11

7.2.10.fp12

7.2.10.fp13

7.2.10.fp14

7.2.10.fp15

7.2.10.fp16

7.2.10.fp17

7.2.10.fp18

7.2.10.fp19

7.2.10.fp20

7.2.10.1

7.2.10.2

7.2.10.3

7.2.10.3-1

7.2.10.4

7.2.10.4-1

7.2.10.5

7.2.10.5-1

7.2.10.6

7.2.10.7

7.2.10.8

7.3.10

7.3.10.ep3

7.3.10.ep4

7.3.10.ep5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9wj-c5pc-g9rh/GHSA-f9wj-c5pc-g9rh.json"