logo

Database

Insecure file upload In com.liferay.portal:release.dxp.bom

Description

Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-158392. NVD-2020-158393. OSV-2020-158394. GCVE-2020-15839

References

1. https://issues.liferay.com/browse/LPE-170292. https://issues.liferay.com/browse/LPE-170553. https://portal.liferay.dev/learn/security/known-vulnerabilities4. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.