Description
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Severity
null (null)
Notes
Liferay Portal 7.4: There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA4 (7.4.3.4)
Publication date: Mon, 24 Jan 2022 16:00:00 +0000