Known Vulnerabilities

CST-7141 RCE using JSON Deserialization in templates

Description

Liferay Portal 7.1.3 and earlier is vulnerable to remote code execution via deserialization of JSON data.

Severity

Severity 1

Fixed Version(s)

March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page.
March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.

Acknowledgments

This issue was reported by Markus Wulftange

Publication date: Tue, 25 Jun 2019 22:36:00 +0000

Community

Company

Feedback