CST-7219 Documents and Media file extension restriction circumvention

Description

Liferay Portal 7.1.3, 7.2.1 and possibly earlier unsupported versions, allows an administrator to restrict the files that can be uploaded to Document and Media based on the file extension. However, a file extension using certain non-ASCII characters can circumvent this restriction.

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 09 Jun 2020 02:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.