Description
Denial-of-service (DoS) vulnerability in document library in Liferay Portal 6.2.5 and earlier allows remote attackers to cause an OutOfMemoryError by uploading a crafted PDF file.
Workaround:
Use the portal.property dl.file.extensions
to exclude PDFs from the list of acceptable files that can be uploaded to the document library.
Severity
Severity 1
Fixed Version(s)
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 02 Mar 2020 07:21:00 +0000