CST-7059 Theoretical OS command injection in SendmailHook

Description

In Liferay Portal 7.0 CE GA7, a theoretical OS command injection vulnerability exists in SendmailHook.

Severity

Severity 2

Fixed Version(s)

Notes

By default, the SendmailHook is not enabled. If SendmailHook is enabled, it can be disabled by removing mail.hook.impl=com.liferay.mail.util.SendmailHook from portal-ext.properties.
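
A check for the condition in the note above, as an added example that is not part of the original advisory or Liferay's own code: it reads a properties file and reports whether mail.hook.impl effectively resolves to SendmailHook. The function names and the sample file content are constructed for illustration, and backslash line continuations are assumed not to be used for this key.

```shell
#!/bin/sh
# Added example: is SendmailHook the effective mail hook in a properties file?

HOOK='com.liferay.mail.util.SendmailHook'

# Print the effective mail.hook.impl value from the properties file $1.
# Java .properties rules covered: '#' and '!' comment lines, leading
# whitespace, '=', ':' or blank as separator, last definition wins.
# Not covered (assumption): backslash line continuations and escaped keys.
effective_mail_hook() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#!]/ { next }
        line ~ /^mail\.hook\.impl([ \t=:]|$)/ {
            sub(/^mail\.hook\.impl[ \t]*[=:]?[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            value = line
        }
        END { print value }
    ' "$1"
}

# Exit status 0 if SendmailHook is enabled in $1, 1 otherwise.
sendmail_hook_enabled() {
    [ "$(effective_mail_hook "$1")" = "$HOOK" ]
}

# Constructed sample: a commented-out entry, an unrelated key, then an
# active entry written with leading whitespace and spaces around '='.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# mail.hook.impl=com.example.PlaceholderHook
example.other.key=value
  mail.hook.impl = com.liferay.mail.util.SendmailHook
EOF

file=${1:-$sample}   # pass the path to portal-ext.properties as $1
if sendmail_hook_enabled "$file"; then
    echo "ENABLED: remove mail.hook.impl=$HOOK from $file"
else
    echo "not enabled in $file (effective: '$(effective_mail_hook "$file")')"
fi
rm -f "$sample"
```

A plain grep for the class name would also match commented-out lines and miss entries written with ':' or surrounding whitespace, which is why the key is parsed instead.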

Publication date: Wed, 04 Jul 2018 08:06:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have only been listed here since 2023. Historical advisories are available in the Help Center.