CVE-2022-42125 Zip slip vulnerability in FileUtil.unzip

Description

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

Severity

6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N)

Affected Version(s)

  • Liferay Portal 7.4.3.5 - 7.4.3.35

Fixed Version(s)

Publication date: Wed, 19 Oct 2022 05:26:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.