Path Traversal in Liferay Portal
High severity
GitHub Reviewed
Published
Nov 15, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Package
Affected versions
>= 7.3.3, < 7.4.3.19
Patched versions
7.4.3.19
Description
Published by the National Vulnerability Database
Nov 15, 2022
Published to the GitHub Advisory Database
Nov 15, 2022
Reviewed
Nov 21, 2022
Last updated
Feb 1, 2023
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
References