Description
The open redirect protection component in Liferay Portal 7.1 CE GA4, and possibly earlier unsupported versions, is vulnerable to denial of service (DoS) attacks via requests to domains whose DNS server is unresponsive.
Severity
Severity 2
Fixed Version(s)
- March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 25 Jun 2019 22:36:00 +0000