Open Redirect Affecting com.liferay:com.liferay.notifications.web package, versions [,4.0.6)
Threat Intelligence
EPSS: 0.13% (50th percentile)
- Snyk ID SNYK-JAVA-COMLIFERAY-1536539
- published 4 Aug 2021
- disclosed 4 Aug 2021
- credit Daniel Couso
Introduced: 4 Aug 2021
CVE-2021-33331
How to fix?
Upgrade com.liferay:com.liferay.notifications.web to version 4.0.6 or higher.
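As an added example (not part of the advisory and not Liferay's code), this Python script interprets the affected range [,4.0.6) from the title and checks a pom.xml for a directly declared version of the package. The function names and the sample POM are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Taken from the advisory: affected coordinates and version range.
AFFECTED = ("com.liferay", "com.liferay.notifications.web")
AFFECTED_RANGE = "[,4.0.6)"
POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def version_key(version):
    """Numeric sort key for plain dotted versions; qualifiers such as -SNAPSHOT are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(nums + [0] * (4 - len(nums)))

def in_range(version, rng):
    """True if version lies in one range: [ ] inclusive, ( ) exclusive, empty bound = open."""
    m = re.fullmatch(r"([\[(])([^,]*),([^,]*)([\])])", rng.strip())
    if not m:
        raise ValueError("unsupported range: " + rng)
    lo_br, lo, hi, hi_br = (g.strip() for g in m.groups())
    v = version_key(version)
    if lo and (v < version_key(lo) or (v == version_key(lo) and lo_br == "(")):
        return False
    if hi and (v > version_key(hi) or (v == version_key(hi) and hi_br == ")")):
        return False
    return True

def check_pom(pom_xml):
    """Return (version, status) for each declaration of the affected artifact in a pom.xml string."""
    results = []
    # Input is assumed to be your own, trusted build file.
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", POM_NS):
        coords = (dep.findtext("m:groupId", "", POM_NS).strip(),
                  dep.findtext("m:artifactId", "", POM_NS).strip())
        if coords != AFFECTED:
            continue
        version = dep.findtext("m:version", "", POM_NS).strip()
        if not re.match(r"\d", version):      # missing or a ${property}: cannot decide here
            results.append((version, "unresolved"))
        else:
            status = "affected" if in_range(version, AFFECTED_RANGE) else "not-affected"
            results.append((version, status))
    return results

# Constructed sample input, not a real project file.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>com.liferay</groupId><artifactId>com.liferay.notifications.web</artifactId>
    <version>4.0.5</version></dependency>
</dependencies></project>"""

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

Only versions written literally in the given pom.xml are evaluated. Versions set through properties or dependency management are reported as unresolved, and transitive dependencies are not seen, so a resolved dependency tree is still needed for a definitive answer.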
Overview
com.liferay:com.liferay.notifications.web is the Liferay Notifications Web package.
Affected versions of this package are vulnerable to Open Redirect, which allows remote attackers to redirect users to arbitrary external URLs via the redirect parameter.
CVSS Scores
version 3.1