Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17007

LSV-720: Flagging content as inappropriate is not rate limited

Details

    • CVE-2021-33320
    • 5.0
    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
    • 96
    • 20
    • 5

    Description

      The flags module in Liferay DXP 7.0, 7.1 and 7.2 does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails.

      Attachments

        Activity

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE