  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-55132

SSRF vulnerability in Marketplace portlet

    Details

      Description

      A server-side request forgery (SSRF) vulnerability exists in the Marketplace portlet. An attacker can potentially exploit this security vulnerability to force the server to download arbitrary files or launch a denial-of-service (DoS) attack.

      This issue is resolved in 6.2.3 CE GA4. To fix this issue without upgrading to GA4, you can upgrade the Marketplace portlet to version 6.2.0.2 or later.

            People

            Assignee:
            samuel.kong Samuel Kong
            Reporter:
            samuel.kong Samuel Kong
            Participants of an Issue:
            Recent user:
            Esther Sanz

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              6 years, 23 weeks ago

                Packages

                Version Package
                6.2.3 CE GA4