GHSA-g8hp-rc67-jf96
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g8hp-rc67-jf96
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-g8hp-rc67-jf96/GHSA-g8hp-rc67-jf96.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g8hp-rc67-jf96
- Aliases
- Published
- 2022-11-15T12:00:16Z
- Modified
- 2023-12-06T01:02:39.924712Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Path Traversal in Liferay Portal
- Details
-
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2022-11-15T01:15:00Z", "cwe_ids": [ "CWE-22" ], "github_reviewed_at": "2022-11-21T23:49:10Z", "severity": "HIGH" }- References
Affected packages
Maven / com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom
Affected versions
7.*
7.4.3.5
7.4.3.6
7.4.3.7
7.4.3.8
7.4.3.9
7.4.3.10
7.4.3.11
7.4.3.12
7.4.3.13
7.4.3.14
7.4.3.15
7.4.3.16
7.4.3.17
7.4.3.18
7.4.3.19
7.4.3.20
7.4.3.20-ga20
7.4.3.21
7.4.3.21-ga21
7.4.3.22
7.4.3.23
7.4.3.24
7.4.3.25
7.4.3.26
7.4.3.27
7.4.3.28
7.4.3.29
7.4.3.30
7.4.3.31
7.4.3.32
7.4.3.33
7.4.3.34
7.4.3.35
7.4.3.36
7.4.3.37
7.4.3.38
7.4.3.39
7.4.3.40
7.4.3.41
7.4.3.42
7.4.3.43
7.4.3.44
7.4.3.45
7.4.3.46
7.4.3.47