Description
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Severity
8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Version(s)
- Liferay Portal 7.4.0 - 7.4.2
Fixed Version(s)
Publication date: Mon, 24 Jan 2022 16:00:00 +0000