Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
-
5
-
CVE-2020-13445
-
9.9
-
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
-
92
-
18
-
6
Description
In Liferay DXP 7.0, 7.1 and 7.2, the template API gives users access to sensitive objects, which allows remote authenticated users to execute arbitrary code via FreeMarker and Velocity templates.
See also in Help Center: https://help.liferay.com/hc/en-us/articles/360044036131