com.liferay.portal:portal-impl@6.1.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:portal-impl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H OS Command Injection com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to OS Command Injection via a crafted Velocity template. An attacker can execute arbitrary shell commands by sending a malicious request to the server. How to fix OS Command Injection? Upgrade `com.liferay.portal:portal-impl` to version 6.1.1 or higher.	[,6.1.1)
M Arbitrary File Upload com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Arbitrary File Upload which allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. How to fix Arbitrary File Upload? A fix was pushed into the `master` branch but not yet published.	[0,)
C Deserialization of Untrusted Data com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Deserialization of Untrusted Data in Liferay Portal allows remote attackers to execute arbitrary code via JSON web services (JSONWS). How to fix Deserialization of Untrusted Data? There is no fixed version for `com.liferay.portal:portal-impl`.	[0,)