CST-7062 Denial-of-service vulnerability with embedded portlets

Description

Denial-of-service vulnerability in DDM templates in Liferay Portal before 7.0.1 allows attackers to
create templates with an infinite loop via embedded portlets.

Severity

Severity 1

Fixed Version(s)

Notes

Review permissions settings and do not grant untrusted users (e.g., Users and Power Users) permissions to create or edit templates (e.g., web content templates, application display templates)

Publication date: Mon, 02 Mar 2020 07:21:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.