Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17535

LSV-1049: ReDoS vulnerability with layout prototype name in UpgradeLayoutPageTemplateEntry

Details

    • CVE-2022-42124
    • 2.6
    • CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
    • 19

    Description

      ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay DXP 7.2 fix pack 9 through fix pack 18 allows remote attackers to consume an excessive amount of server resources via a malicious layout prototype name.

      Attachments

        Activity

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.2.X EE