com.liferay:com.liferay.site.admin.web@5.0.4 vulnerabilities

latest version

5.0.134

latest non vulnerable version

5.0.134

first published

9 years ago

latest version published

2 months ago

licenses detected

LGPL-2.1
[1.0.0,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.site.admin.web package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Insecure Default Initialization of Resource Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the default configuration of the `site membership` process. An attacker can gain unauthorized access to view, add, or edit site content by registering as a user and joining sites with the default open membership setting. How to fix Insecure Default Initialization of Resource? Upgrade `com.liferay:com.liferay.site.admin.web` to version 5.0.97 or higher.	[,5.0.97)

Insecure Default Initialization of Resource

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the default configuration of the site membership process. An attacker can gain unauthorized access to view, add, or edit site content by registering as a user and joining sites with the default open membership setting.

How to fix Insecure Default Initialization of Resource?

Upgrade com.liferay:com.liferay.site.admin.web to version 5.0.97 or higher.

[,5.0.97)

Go back to all versions of this package