Description
Liferay Portal 7.1.3 and earlier is vulnerable to remote code execution via deserialization of JSON data.
Severity
Severity 1
Fixed Version(s)
- March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
- March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page.
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Acknowledgments
This issue was reported by Markus Wulftange
Publication date: Tue, 25 Jun 2019 22:36:00 +0000