Description
Denial-of-service vulnerability in DDM templates in Liferay Portal before 7.0.1 allows attackers to
create templates with an infinite loop via embedded portlets.
Severity
Severity 1
Fixed Version(s)
- Liferay Portal 7.0.1
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Notes
Review permissions settings and do not grant untrusted users (e.g., Users and Power Users) permissions to create or edit templates (e.g., web content templates, application display templates)
Publication date: Mon, 02 Mar 2020 07:21:00 +0000