com.liferay:com.liferay.portal.remote.cors.impl@2.0.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.portal.remote.cors.impl package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Information Exposure (severity: M)

com.liferay:com.liferay.portal.remote.cors.impl is a Liferay Portal Remote CORS Implementation.

Affected versions of this package are vulnerable to Information Exposure. The package allows access to cross-origin resource sharing (CORS) protected resources when the user is authenticated only through portal session authentication. This allows remote attackers to obtain sensitive information, including the targeted user’s email address and current CSRF token.

How to fix Information Exposure?

Upgrade com.liferay:com.liferay.portal.remote.cors.impl to version 2.0.4 or higher.

Vulnerable versions: [,2.0.4)