Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-55132

SSRF vulnerability in Marketplace portlet

    Details

      Description

      A server-side request forgery (SSRF) vulnerability exist in the Marketplace portlet. An attacker can potentially exploit this security vulnerability to force the server to download arbitrary files or launch a denial-of-service (DoS) attack.

      This issue is resolved in 6.2.3 CE GA4. To fix this issues without upgrading to GA4, you can upgrade the Marketplace portlet to version 6.2.0.2 or later.

        Attachments

          Activity

            People

            • Assignee:
              samuel.kong Samuel Kong
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 49 weeks, 5 days ago

                Packages

                Version Package
                6.2.3 CE GA4