Arbitrary File Access Affecting com.liferay.portal:com.liferay.portal.impl Open this link in a new tab package, versions [7.2.0,7.4.0) [0,7.1.3)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
25 May 2021
24 Sep 2020
How to fix?
com.liferay.portal:com.liferay.portal.impl to version 7.4.0, 7.1.3 or higher.
com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.
Affected versions of this package are vulnerable to Arbitrary File Access. The property
portlet.resource.id.banned.paths.regexp can be bypassed with doubled encoded URLs, which allows remote attackers to access restricted
portlet resources (e.g., files within
/META-INF and /