com.liferay:com.liferay.portal.remote.cors.impl@2.0.1 vulnerabilities
-
latest version
3.0.14
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
9 months ago
-
licenses detected
- [1.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.liferay:com.liferay.portal.remote.cors.impl package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.liferay:com.liferay.portal.remote.cors.impl is a Liferay Portal Remote CORS Implementation Affected versions of this package are vulnerable to Information Exposure. It allows access to cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication. This allows remote attackers to obtain sensitive information including the targeted user’s email address and current CSRF token. How to fix Information Exposure? Upgrade |
[,2.0.4)
|