  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-13762

XSL Content Portlet can utilize file:/// to potentially access files on the system

    Details

    • Branch Version/s:
      6.0.x, 5.2.x, 5.1.x
    • Backported to Branch:
      Committed

      Description

      The XSL Content Portlet paths for XSL and XML content accept the "file:///" path, granting it access to files across the system and outside of the path for the appserver. As is, the portlet only reads XSL and XML content, but can pose a further risk.
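One way to enforce the restriction this report calls for, shown as an added example (not Liferay's code and not the fix committed for this issue). The class name `XslSourceGuard`, the http/https-only allowlist and the sample locations are assumptions, and `hardenedFactory()` assumes the JDK's built-in JAXP implementation (JAXP 1.5 properties).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;

// Hypothetical helper: validates the XML/XSL locations a portlet is
// configured with before anything is fetched or transformed.
public class XslSourceGuard {
    // Assumption: only remote HTTP(S) content is a legitimate source.
    private static final Set<String> ALLOWED = Set.of("http", "https");

    // Returns the parsed URI, or throws if the location could reach local files.
    public static URI requireAllowed(String location) {
        URI uri;
        try {
            uri = new URI(location.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed location", e);
        }
        String scheme = uri.getScheme();
        // Scheme-less (relative) values and host-less URIs are rejected together
        // with file:, jar:, ftp: and any other scheme not on the allowlist.
        if (scheme == null || !ALLOWED.contains(scheme.toLowerCase(Locale.ROOT))
                || uri.getHost() == null) {
            throw new IllegalArgumentException("Location not allowed: " + location);
        }
        return uri;
    }

    // A stylesheet can pull in further resources (xsl:import, xsl:include,
    // document(), DTDs), so the transformer gets the same scheme restriction.
    public static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory factory = TransformerFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "http,https");
        return factory;
    }

    public static void main(String[] args) throws Exception {
        hardenedFactory();
        // Constructed sample locations: one remote, two local-file forms, one relative.
        for (String s : new String[] {"https://example.com/a.xsl",
                "file:///path/to/local.xml", "FILE:/c:/local.xml", "a.xsl"}) {
            try { System.out.println("ok      " + requireAllowed(s)); }
            catch (IllegalArgumentException e) { System.out.println("blocked " + s); }
        }
    }
}
```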


              People

              Assignee:
              hugo.huijser Hugo Huijser
              Reporter:
              jonas.choi Jonas Choi
              Participants of an Issue:
              Recent user:
              Esther Sanz

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                10 years, 38 weeks, 5 days ago

                  Packages

                  Version Package
                  6.0.6 GA
                  6.1.0 CE RC1