com.liferay.portal:com.liferay.portal.impl vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:com.liferay.portal.impl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Open Redirect	[,93.0.0)
M Use of Default Credentials	[,97.0.0)
M Server-side Request Forgery (SSRF)	[,113.1.0)
M Insertion of Sensitive Information Into Sent Data	[,108.1.1)
M Cross-site Scripting (XSS)	[,110.0.0)
M Timing Attack	[,110.0.0)
M Information Exposure	[,111.0.0)
M Cross-site Scripting (XSS)	[,109.1.0)
M Open Redirect	[,25.0.0)
M Observable Discrepancy	[,40.0.0)
M Insecure Default Initialization of Resource	[,37.0.0)
M Open Redirect	[,31.0.2)
M Incorrect Authorization	[,7.8.0)
H Incorrect Authorization	[,8.2.1)
M Insertion of Sensitive Information Into Sent Data	[,8.0.0)
C Cross-site Scripting (XSS)	[,7.8.0)
M Cross-site Request Forgery (CSRF)	[,5.25.0)
M Observable Discrepancy	[,7.8.0)
M Insecure Default Initialization of Resource	[,5.5.4)
M Arbitrary File Write via Archive Extraction (Zip Slip)	[,47.1.0)
M Open Redirect	[,7.9.0)
M Access Restriction Bypass	[,6.05)
M Information Exposure	[,5.11.0)
M Improper Validation	[,5.7.3)
M Information Exposure	[,5.11.0)
M Improper Authorization	[,5.9.0)
M Privilege Escalation	[,5.16.4)
M Arbitrary File Access	[7.2.0,7.4.0)[0,7.1.3)
C Deserialization of Untrusted Data	[4.0.0,4.7.0)[3.0.0,3.49.0)[,2.65.3)
M Cross-site Scripting (XSS)	[,2.15.0)

Vulnerability

Vulnerable Version

Open Redirect

[,93.0.0)

Use of Default Credentials

[,97.0.0)

Server-side Request Forgery (SSRF)

[,113.1.0)

Insertion of Sensitive Information Into Sent Data

[,108.1.1)

Cross-site Scripting (XSS)

[,110.0.0)

Timing Attack

[,110.0.0)

Information Exposure

[,111.0.0)

Cross-site Scripting (XSS)

[,109.1.0)

Open Redirect

[,25.0.0)

Observable Discrepancy

[,40.0.0)

Insecure Default Initialization of Resource

[,37.0.0)

Open Redirect

[,31.0.2)

Incorrect Authorization

[,7.8.0)

Incorrect Authorization

[,8.2.1)

Insertion of Sensitive Information Into Sent Data

[,8.0.0)

Cross-site Scripting (XSS)

[,7.8.0)

Cross-site Request Forgery (CSRF)

[,5.25.0)

Observable Discrepancy

[,7.8.0)

Insecure Default Initialization of Resource

[,5.5.4)

Arbitrary File Write via Archive Extraction (Zip Slip)

[,47.1.0)

Open Redirect

[,7.9.0)

Access Restriction Bypass

[,6.05)

Information Exposure

[,5.11.0)

Improper Validation

[,5.7.3)

Information Exposure

[,5.11.0)

Improper Authorization

[,5.9.0)

Privilege Escalation

[,5.16.4)

Arbitrary File Access

[7.2.0,7.4.0)[0,7.1.3)

Deserialization of Untrusted Data

[4.0.0,4.7.0)[3.0.0,3.49.0)[,2.65.3)

Cross-site Scripting (XSS)

[,2.15.0)

Package versions

1622 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
114.1.0	13 Jul, 2025	0 C 0 H 0 M 0 L
114.0.0	5 Jul, 2025	0 C 0 H 0 M 0 L
113.1.2	4 Jul, 2025	0 C 0 H 0 M 0 L
113.1.1	23 Jun, 2025	0 C 0 H 0 M 0 L
113.1.0	21 Jun, 2025	0 C 0 H 0 M 0 L
113.0.2	14 Jun, 2025	0 C 0 H 1 M 0 L
113.0.1	31 May, 2025	0 C 0 H 1 M 0 L
113.0.0	31 May, 2025	0 C 0 H 1 M 0 L
112.0.0	1 May, 2025	0 C 0 H 1 M 0 L
111.0.1	4 Apr, 2025	0 C 0 H 1 M 0 L

com.liferay.portal:com.liferay.portal.impl vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?

Package versions