VYPR

Maven package

com.liferay.commerce/com.liferay.commerce.product.type.virtual.service

pkg:maven/com.liferay.commerce/com.liferay.commerce.product.type.virtual.service

Vulnerabilities (1)

  • CVE-2025-43808Sep 19, 2025
    affected < 4.0.47fixed 4.0.47

    The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view p