PUBLIC - Liferay Portal Enterprise Edition
LPE-14371

Remote Code Execution using Freemarker sandbox escape

    Details

      Description

      • 6.2 EE, 6.1 EE GA3, 6.1 EE GA2: The following portal property has been added:

            #
            # Set a comma delimited list of Java classes the FreeMarker engine can
            # have access to. The "*" character represents a wildcard in the class
            # name. Using the "*" as the allowed classes provides behaviour of allowing
            # everything that is not in restricted classes.
            #
            freemarker.engine.allowed.classes=

      • 6.1 EE GA1, 6.0 EE SP2, 6.0 EE SP1, 6.0 EE:

            #
            # Set a comma delimited list of Java classes the FreeMarker engine can
            # have access to. The "*" character represents a wildcard in the class
            # name. Using the "*" as the allowed classes provides behaviour of allowing
            # everything that is not in restricted classes.
            #
            freemarker.engine.allowed.classes=

            #
            # Set a comma delimited list of java classes the FreeMarker engine cannot
            # have access to.
            #
            freemarker.engine.restricted.classes=\
                java.lang.Class,\
                java.lang.ClassLoader,\
                java.lang.Thread

            #
            # Set a comma delimited list of java packages the FreeMarker engine cannot
            # have access to.
            #
            freemarker.engine.restricted.packages=


      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-173
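The three properties above describe an allow list (with "*" as a wildcard) that is further cut down by a class deny list and a package deny list. The following is an added example, not Liferay's own code: a small Python model of those semantics, as a practitioner might use to audit a portal-ext.properties fragment before deploying it. The exact matching rules (deny list wins, "*" matches any character sequence, an empty allow list exposes nothing, a restricted package covers its subpackages) are assumptions drawn from the property comments on this page, not Liferay's actual implementation; the sample properties text is constructed.

```python
"""Added example (not Liferay's code): audit the FreeMarker class policy
expressed by freemarker.engine.allowed.classes / restricted.classes /
restricted.packages.  Matching semantics are assumed from the property
comments, not taken from Liferay's implementation."""
import fnmatch

# Constructed sample: the hardened defaults quoted in the ticket.
SAMPLE_PROPERTIES = """\
freemarker.engine.allowed.classes=
freemarker.engine.restricted.classes=\\
    java.lang.Class,\\
    java.lang.ClassLoader,\\
    java.lang.Thread
freemarker.engine.restricted.packages=
"""

ALLOWED_KEY = "freemarker.engine.allowed.classes"
RESTRICTED_CLASSES_KEY = "freemarker.engine.restricted.classes"
RESTRICTED_PACKAGES_KEY = "freemarker.engine.restricted.packages"


def parse_properties(text):
    """Minimal Java .properties reader: comments, blank lines and
    backslash line continuations (leading whitespace of the continued
    line is dropped, as java.util.Properties does)."""
    props = {}
    pending = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending.append(line[:-1].strip())
            continue
        pending.append(line)
        logical = "".join(pending)
        pending = []
        key, _, value = logical.partition("=")
        props[key.strip()] = value.strip()
    return props


def split_list(value):
    """Comma-delimited list -> stripped, non-empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]


class FreemarkerClassPolicy:
    """Assumed semantics: a class is reachable from a template only if it
    matches an allowed pattern AND is in neither restricted list."""

    def __init__(self, props):
        self.allowed = split_list(props.get(ALLOWED_KEY, ""))
        self.restricted_classes = split_list(props.get(RESTRICTED_CLASSES_KEY, ""))
        self.restricted_packages = split_list(props.get(RESTRICTED_PACKAGES_KEY, ""))

    def is_restricted(self, class_name):
        if class_name in self.restricted_classes:
            return True
        # A restricted package is assumed to cover its subpackages too.
        return any(class_name.startswith(pkg + ".") for pkg in self.restricted_packages)

    def is_allowed(self, class_name):
        if self.is_restricted(class_name):
            return False          # deny list always wins
        # Only "*" is documented as a wildcard; fnmatch implements it
        # (class names contain no other glob metacharacters).
        return any(fnmatch.fnmatchcase(class_name, pat) for pat in self.allowed)


def findings(props):
    """Return human-readable warnings about a permissive policy."""
    policy = FreemarkerClassPolicy(props)
    out = []
    if "*" in policy.allowed:
        if policy.restricted_classes or policy.restricted_packages:
            out.append("allowed.classes contains '*': only the restricted lists limit template access")
        else:
            out.append("allowed.classes contains '*' and no restricted lists: any class is reachable")
    return out


def audit(props, probe_classes):
    """Map each probed class name to whether the policy exposes it."""
    policy = FreemarkerClassPolicy(props)
    return {name: policy.is_allowed(name) for name in probe_classes}


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print(findings(props))
    print(audit(props, ["java.lang.Thread", "java.util.Date"]))
```

Run against the defaults quoted above, the audit reports every probed class as unreachable and raises no finding; adding `*` to the allow list produces a finding, since the deny lists then become the only barrier between a template and the JVM.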

People

  Assignee: Bryan Engler (bryan.engler)
  Reporter: Tibor Lipusz (tibor.lipusz)
Packages

  Version Package
  6.0.X EE
  6.1.X EE
  6.2.X EE