LPE-14371 (PUBLIC - Liferay Portal Enterprise Edition)

Remote Code Execution using Freemarker sandbox escape

    Details

      Description

      • 6.2 EE, 6.1 EE GA3, 6.1 EE GA2: The following portal property has been added:
         
            # 
            # Set a comma delimited list of Java classes the FreeMarker engine can 
            # have access to. The "*" character represents a wildcard in the class 
            # name. Using the "*" as the allowed classes provides behaviour of allowing 
            # everything that is not in restricted classes. 
            # 
            freemarker.engine.allowed.classes= 
        
      • 6.1 EE GA1, 6.0 EE SP2, 6.0 EE SP1, 6.0 EE:
         
        
            # 
            # Set a comma delimited list of Java classes the FreeMarker engine can 
            # have access to. The "*" character represents a wildcard in the class 
            # name. Using the "*" as the allowed classes provides behaviour of allowing 
            # everything that is not in restricted classes. 
            # 
            freemarker.engine.allowed.classes= 
        
            # 
            # Set a comma delimited list of java classes the FreeMarker engine cannot 
            # have access to. 
            # 
            freemarker.engine.restricted.classes=\ 
                java.lang.Class,\ 
                java.lang.ClassLoader,\ 
                java.lang.Thread 
        
            # 
            # Set a comma delimited list of java packages the FreeMarker engine cannot 
            # have access to. 
            # 
            freemarker.engine.restricted.packages= 
        

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-173
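The three properties above describe a class-access policy for templates, but the issue does not show how the lists combine. The following is an added example written for this page, not Liferay's code: a small evaluator in Python that parses portal-ext.properties fragments (with backslash line continuations) and decides whether a template may reach a given class. It compares the default values quoted above (empty allow-list), the wildcard "*" form that the property comment warns turns the policy into a deny-list, and a constructed explicit allow-list. Assumptions made here and not stated on the page: a match in either restricted list denies the class regardless of the allow-list, restricted packages also cover their sub-packages, and an empty allow-list allows nothing; the com.liferay.* names and the restricted packages in the hardened fragment are illustrative.

```python
import fnmatch

# Three portal-ext.properties fragments, constructed for this example.
# DEFAULT and PERMISSIVE reuse the values quoted in the issue description;
# HARDENED shows an explicit allow-list (class and package names are illustrative).
DEFAULT_PROPERTIES = """
freemarker.engine.allowed.classes=
freemarker.engine.restricted.classes=\\
    java.lang.Class,\\
    java.lang.ClassLoader,\\
    java.lang.Thread
freemarker.engine.restricted.packages=
"""

PERMISSIVE_PROPERTIES = """
# "*" allows everything that is not explicitly restricted (deny-list posture).
freemarker.engine.allowed.classes=*
freemarker.engine.restricted.classes=\\
    java.lang.Class,\\
    java.lang.ClassLoader,\\
    java.lang.Thread
freemarker.engine.restricted.packages=
"""

HARDENED_PROPERTIES = """
# Explicit allow-list: only what the templates actually need (deny by default).
freemarker.engine.allowed.classes=\\
    com.liferay.portal.kernel.util.*,\\
    com.liferay.portal.util.PortalUtil
freemarker.engine.restricted.classes=\\
    java.lang.Class,\\
    java.lang.ClassLoader,\\
    java.lang.Thread
freemarker.engine.restricted.packages=java.lang.reflect,sun.misc
"""


def parse_properties(text):
    """Parse a .properties fragment into a dict, joining backslash-continued lines."""
    props = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not logical and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            logical += line[:-1].strip()
            continue
        logical += line
        key, _, value = logical.partition("=")
        props[key.strip()] = value.strip()
        logical = ""
    return props


def _split(value):
    """Split a comma-delimited property value, dropping empty entries."""
    return [item.strip() for item in value.split(",") if item.strip()]


class FreemarkerClassPolicy:
    """Evaluate a fully qualified class name against the three properties.

    Evaluation order is an assumption made for this example: a hit in either
    restricted list denies the class even if the allow-list matches; otherwise
    the class must match an allow-list entry, so an empty allow-list allows nothing.
    """

    def __init__(self, props):
        self.allowed = _split(props.get("freemarker.engine.allowed.classes", ""))
        self.restricted_classes = _split(props.get("freemarker.engine.restricted.classes", ""))
        self.restricted_packages = _split(props.get("freemarker.engine.restricted.packages", ""))

    @staticmethod
    def _matches(class_name, patterns):
        # "*" is the only wildcard the property documents; fnmatchcase treats it
        # the same way (any run of characters, dots included, so "a.b.*" also
        # matches classes in sub-packages of a.b).
        return any(fnmatch.fnmatchcase(class_name, p) for p in patterns)

    def is_allowed(self, class_name):
        if self._matches(class_name, self.restricted_classes):
            return False
        package = class_name.rpartition(".")[0]
        # Assumed: a restricted package also covers its sub-packages.
        if any(package == p or package.startswith(p + ".") for p in self.restricted_packages):
            return False
        return self._matches(class_name, self.allowed)


def check(properties_text, class_name):
    """Convenience wrapper: parse the fragment and evaluate one class name."""
    return FreemarkerClassPolicy(parse_properties(properties_text)).is_allowed(class_name)


if __name__ == "__main__":
    probes = [
        "java.lang.ClassLoader",
        "java.lang.reflect.Method",
        "java.util.ArrayList",
        "com.liferay.portal.kernel.util.StringUtil",
    ]
    for label, text in (("default", DEFAULT_PROPERTIES),
                        ("permissive", PERMISSIVE_PROPERTIES),
                        ("hardened", HARDENED_PROPERTIES)):
        policy = FreemarkerClassPolicy(parse_properties(text))
        print(label, {name: policy.is_allowed(name) for name in probes})
```

Running the block prints one line per policy. The point it makes is the one the property comment hints at: with "*" everything outside the three listed classes is reachable, including java.lang.reflect and any other class present in the portal's classpath, so the restricted lists must then enumerate every dangerous entry point; with an explicit allow-list, anything not named is denied by default and the restricted lists only serve as a backstop.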

            People

            Assignee:
            bryan.engler Bryan Engler
            Reporter:
            tibor.lipusz Tibor Lipusz


                Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE