[LPE-16488] LSV-407: Path traversal vulnerability in templates - Liferay Issues

XML

Word

Printable

Details

Type: Regression Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 6.2 EE GA1 (6.2.10), 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
Fix Version/s: 6.2.X EE, 7.0.X EE, 7.1.x EE
Component/s: Portal Services > Templates Engine, Security Vulnerability
Labels:

Fix Pack Status:
Scheduled
Business Value:
5
7.0 Fix Pack Version:
65
7.1 Fix Pack Version:
1

Description

Liferay DXP 7.0 (FP37+/SP7+), 7.1 and Liferay Portal 6.2 EE contain a path traversal vulnerability in Web Content templates and Application Display Templates (ADT).

See also https://help.liferay.com/hc/en-us/articles/360020792971.

Attachments

Activity

People

Assignee:: Joshua Cords

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Aug/18 9:30 PM

Updated:: 10/May/19 4:30 PM

Resolved:: 03/Dec/18 10:30 AM

Packages

Version	Package
6.2.X EE
7.0.X EE
7.1.x EE