LSV-412: RCE using JSON Deserialization

Affects versions

Fix versions

6.1.X EE

6.2.X EE

7.0 Fix Pack Version

None

7.1 Fix Pack Version

None

7.2 Fix Pack Version

None

7.3 Fix Pack Version

None

7.4 Fix Pack Version

None

CVE IDs

None

CVSS Base Score

None

CVSS Vector String

None

Labels

liferay-fixpack-portal-169-6210liferay-fixpack-portal-71-6130lsvlsv-412sev-1

Description

See also https://help.liferay.com/hc/en-us/articles/360020526952.

Activity

Show:

Enterprise Release HU December 11, 2018 at 9:00 AM

Moved to Closed - Liferay Branch Manager

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
Joshua Cords
Reporter
Tibor Lipusz
Priority
Critical
Components
Security Vulnerability
Web Services > JSON WS
Fix Pack Status
Scheduled
Business Value
5

Zendesk Support

Created December 6, 2018 at 1:20 PM

Updated June 26, 2019 at 5:26 AM

Resolved December 11, 2018 at 8:59 AM

Configure

LSV-412: RCE using JSON Deserialization

Affects versions

Fix versions

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

Activity

Enterprise Release HU December 11, 2018 at 9:00 AM

DetailsAssigneeJoshua CordsJoshua CordsReporterTibor LipuszTibor LipuszPriorityCriticalComponentsSecurity VulnerabilityWeb Services > JSON WSFix Pack StatusScheduledBusiness Value5

Details

Assignee

Reporter

Priority

Components

Fix Pack Status

Business Value

Zendesk SupportLinked Tickets

Zendesk Support

Details
Assignee
Joshua Cords
Reporter
Tibor Lipusz
Priority
Critical
Components
Security Vulnerability
Web Services > JSON WS
Fix Pack Status
Scheduled
Business Value
5

Zendesk Support