Homepage
About Snyk

com.liferay.portal:com.liferay.portal.impl@7.8.2 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:com.liferay.portal.impl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in FileUtil.unzip, which allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 47.1.0 or higher.

[,47.1.0)
  • M
Open Redirect

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Open Redirect via the HtmlUtil.escapeRedirect, by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the 'redirectparameter, theFORWARD_URLparameter, and others parameters that rely onHtmlUtil.escapeRedirect`.

How to fix Open Redirect?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.9.0 or higher.

[,7.9.0)
Go back to all versions of this package