CVE-2022-42124 ReDoS vulnerability in upgrade of layout prototype name

Description

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

Notes

There is no patch available for Liferay Portal 7.3 and 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA5 (7.4.3.5) or later.

Publication date: Wed, 19 Oct 2022 04:03:00 +0000

The security advisories on this page are for Liferay's open source projects (e.g., Liferay Portal). Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are available in Help Center.