com.liferay:com.liferay.object.rest.impl@1.0.3 vulnerabilities

latest version

1.0.155

latest non vulnerable version

1.0.155

first published

3 years ago

latest version published

1 months ago

licenses detected

LGPL-2.1
[1.0.0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.object.rest.impl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Access Control Bypass Affected versions of this package are vulnerable to Access Control Bypass due to unauthorized access to objects via OAuth 2 scope. The Object module does properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. How to fix Access Control Bypass? Upgrade `com.liferay:com.liferay.object.rest.impl` to version 1.0.70 or higher.	[,1.0.70)

Access Control Bypass

Affected versions of this package are vulnerable to Access Control Bypass due to unauthorized access to objects via OAuth 2 scope. The Object module does properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

How to fix Access Control Bypass?

Upgrade com.liferay:com.liferay.object.rest.impl to version 1.0.70 or higher.

[,1.0.70)

Go back to all versions of this package