Project: PUBLIC - Liferay Portal Enterprise Edition
Issue: LPE-14755

Remote Code Execution and Privilege Escalation in templates

    Details

      Description

      Remote Code Execution and Privilege Escalation in templates.

      Breaking Changes in 6.2
      Certain utility variables are now restricted and are therefore not available by default in a template (FreeMarker, Velocity) context. The relevant properties are:

          #
          # Set a comma delimited list of variables the FreeMarker engine cannot
          # have access to. This will affect Dynamic Data List templates, Journal
          # templates, and Portlet Display templates.
          #
          freemarker.engine.restricted.variables=\
              objectUtil,\
              serviceLocator,\
              staticUtil,\
              utilLocator
      
          #
          # Set a comma delimited list of variables the Velocity engine cannot
          # have access to. This will affect Dynamic Data List templates, Journal
          # templates, and Portlet Display templates.
          #
          velocity.engine.restricted.variables=\
              serviceLocator,\
              utilLocator
      

      If your custom templates use any of these variables, adjust these properties and remove only the ones you require from the list of restricted variables.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-194
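      The following is an added example, not code from the ticket or from Liferay: a small audit script that reads the text of a properties override (for instance the file where you adjusted the two properties above), joins the backslash continuation lines used in the listings, and reports which of the 6.2 default restricted variables the override has removed and so re-exposed to FreeMarker or Velocity templates. The .properties parser is a minimal one written here and the sample override is constructed.

```python
"""Audit the Liferay 6.2 template-engine variable restrictions.

Added example, not from the ticket or from Liferay: given the text of a
properties override, report which of the 6.2 default restricted variables
the override has removed (and so re-exposed to FreeMarker/Velocity
templates). The .properties parser below is a minimal one written here.
"""
import re

# Defaults exactly as quoted in the ticket for Liferay 6.2.
DEFAULT_RESTRICTED = {
    "freemarker.engine.restricted.variables": {
        "objectUtil", "serviceLocator", "staticUtil", "utilLocator"},
    "velocity.engine.restricted.variables": {
        "serviceLocator", "utilLocator"},
}


def logical_lines(text):
    """Join Java .properties continuation lines: a line ending in a single
    backslash continues onto the next line, whose leading whitespace is
    dropped (this is how the lists in the ticket are written)."""
    pending = None
    for raw in text.splitlines():
        line = raw.lstrip()
        if pending is not None:
            line = pending + line
            pending = None
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]
            continue
        yield line
    if pending is not None:
        yield pending


def parse_properties(text):
    """Minimal key/value parser: skips blank and comment lines ('#' or '!'),
    accepts '=' or ':' as separator, and lets a later definition of a key
    override an earlier one."""
    props = {}
    for line in logical_lines(text):
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def split_list(value):
    """Turn the comma-delimited property value into a set of variable names."""
    return {item.strip() for item in value.split(",") if item.strip()}


def audit_restrictions(properties_text):
    """Return {property: [default-restricted variables no longer listed]}.
    A property absent from the text keeps the 6.2 default and reports nothing;
    an empty value means every default variable is exposed."""
    props = parse_properties(properties_text)
    findings = {}
    for key, default in DEFAULT_RESTRICTED.items():
        if key not in props:
            continue
        exposed = default - split_list(props[key])
        if exposed:
            findings[key] = sorted(exposed)
    return findings


# Constructed sample override (not from a real deployment): staticUtil was
# dropped from the FreeMarker list so a custom template can keep using it,
# and the Velocity list was emptied outright.
SAMPLE_PORTAL_EXT = """\
freemarker.engine.restricted.variables=\\
    objectUtil,\\
    serviceLocator,\\
    utilLocator

velocity.engine.restricted.variables=
"""

if __name__ == "__main__":
    for prop, names in audit_restrictions(SAMPLE_PORTAL_EXT).items():
        print(f"{prop}: exposes {', '.join(names)}")
```

      Run it against the override text in use; an empty result means the 6.2 defaults are intact, and each reported name is a variable that templates editable through the portal can reach again.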

        People

            Assignee: Michael Bowerman (Inactive)
            Reporter: Csaba Turcsan


                Packages

                Version   Package
                6.0.X     EE
                6.1.X     EE
                6.2.X     EE