CST-6239 Denial-of-service vulnerability with file uploads

Description

Denial-of-service (DoS) vulnerability in the document library in Liferay Portal 6.2.5 and earlier allows remote attackers to cause an OutOfMemoryError by uploading a crafted PDF file.

Workaround:

Use the portal property dl.file.extensions to exclude PDFs from the list of acceptable files that can be uploaded to the document library.
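
One way to audit a properties file for this workaround, as an added example that is not part of the advisory or of Liferay's code. It assumes that `*` accepts every extension, that an unset property should be treated as accepting everything, and (conservatively) that any entry that is a suffix of `.pdf` may let PDFs through; the sample configurations are constructed.

```python
import re

PDF = ".pdf"

def parse_properties(text):
    """Minimal Java .properties reader: comments, =/: separators, backslash continuations."""
    props, buf = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if buf is None and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        line = (buf or "") + line
        if line.endswith("\\"):
            buf = line[:-1]  # value continues on the next line
            continue
        buf = None
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)  # a later definition overrides an earlier one
    return props

def pdf_allowing_entries(text, unset_value="*"):
    """Return the dl.file.extensions entries that would still admit a PDF upload.

    unset_value is an assumption: a missing property is audited as accept-all.
    """
    value = parse_properties(text).get("dl.file.extensions", unset_value)
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    # "*" is assumed to mean accept-all; suffix matching is a conservative assumption.
    return sorted({e for e in entries if e == "*" or PDF.endswith(e)})

# Constructed sample configurations (not taken from a real installation).
WILDCARD = "dl.file.extensions=*\n"
MIXED_CASE = "# uploads\ndl.file.extensions=.doc,.docx,\\\n    .png,.PDF\n"
WORKAROUND = "dl.file.extensions=.doc,.docx,.png,.txt\n"
UNSET = "# no dl.file.extensions line here\n"

if __name__ == "__main__":
    samples = [("wildcard", WILDCARD), ("mixed case", MIXED_CASE),
               ("workaround", WORKAROUND), ("unset", UNSET)]
    for name, cfg in samples:
        hits = pdf_allowing_entries(cfg)
        print(f"{name}: {'PDF uploads still accepted via ' + str(hits) if hits else 'PDFs excluded'}")
```
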

Severity

Severity 1

Fixed Version(s)

Publication date: Mon, 02 Mar 2020 07:21:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have only been listed here since 2023. Historical advisories are available in the Help Center.