Homepage
About Snyk

com.liferay.portal:portal-impl@6.1.1 vulnerabilities

  • latest version

    6.2.5

  • first published

    14 years ago

  • latest version published

    8 years ago

  • licenses detected

  • package manager

    View on Maven Repository
Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:portal-impl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Arbitrary File Upload

com.liferay.portal:portal-impl is a Portal Impl

Affected versions of this package are vulnerable to Arbitrary File Upload which allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists.

How to fix Arbitrary File Upload?

A fix was pushed into the master branch but not yet published.

[0,)
  • C
Deserialization of Untrusted Data

com.liferay.portal:portal-impl is a Portal Impl

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Deserialization of Untrusted Data in Liferay Portal allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

How to fix Deserialization of Untrusted Data?

There is no fixed version for com.liferay.portal:portal-impl.

[0,)
Go back to all versions of this package