com.liferay.portal:portal-impl 6.2.0-ga1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:portal-impl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Use of Password Hash With Insufficient Computational Effort com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the default configuration of the password hashing algorithm, which defaults to a low work factor. An attacker can quickly crack password hashes. How to fix Use of Password Hash With Insufficient Computational Effort? A fix was pushed into the `master` branch but not yet published.	[0,)
M Arbitrary File Upload com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Arbitrary File Upload which allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. How to fix Arbitrary File Upload? A fix was pushed into the `master` branch but not yet published.	[0,)
C Deserialization of Untrusted Data com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Deserialization of Untrusted Data in Liferay Portal allows remote attackers to execute arbitrary code via JSON web services (JSONWS). How to fix Deserialization of Untrusted Data? There is no fixed version for `com.liferay.portal:portal-impl`.	[0,)

Vulnerability

Vulnerable Version

Use of Password Hash With Insufficient Computational Effort

com.liferay.portal:portal-impl is a Portal Impl

Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the default configuration of the password hashing algorithm, which defaults to a low work factor. An attacker can quickly crack password hashes.

How to fix Use of Password Hash With Insufficient Computational Effort?

A fix was pushed into the master branch but not yet published.

[0,)

Arbitrary File Upload

com.liferay.portal:portal-impl is a Portal Impl

Affected versions of this package are vulnerable to Arbitrary File Upload which allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists.

How to fix Arbitrary File Upload?

A fix was pushed into the master branch but not yet published.

[0,)

Deserialization of Untrusted Data

com.liferay.portal:portal-impl is a Portal Impl

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Deserialization of Untrusted Data in Liferay Portal allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

How to fix Deserialization of Untrusted Data?

There is no fixed version for com.liferay.portal:portal-impl.

[0,)

com.liferay.portal:portal-impl@6.2.0-ga1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?