Description
Liferay Portal 7.1.3, 7.2.1 and possibly earlier unsupported versions, allows an administrator to restrict the files that can be uploaded to Document and Media based on the file extension. However, a file extension using certain non-ASCII characters can circumvent this restriction.
Severity
Severity 2
Fixed Version(s)
- June 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page.
- June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 09 Jun 2020 02:00:00 +0000