BIT-liferay-2022-42125

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2022-42125.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-liferay-2022-42125
Aliases
Published
2024-01-31T15:20:25.118Z
Modified
2024-02-19T10:36:29.170Z
Summary
[none]
Details

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

References

Affected packages

Bitnami / liferay

Package

Name
liferay
Purl
pkg:bitnami/liferay

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.4-update1.0
Last affected
7.4-update1.0
Introduced
7.4-update34.0
Last affected
7.4-update34.0