BIT-liferay-2020-15839
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2020-15839.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-liferay-2020-15839
- Aliases
- Published
- 2024-01-31T15:22:25.605Z
- Modified
- 2024-02-19T10:36:29.170Z
- Summary
- [none]
- Details
-
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
- Database specific
{ "cpes": [ "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:sp1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / liferay
Package
- Name
- liferay
- Purl
- pkg:bitnami/liferay
Severity
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.1.0Last affected7.1.0Introduced7.2.0Last affected7.2.0
- Type
- SEMVER
- Events
-
Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-sp1.0Last affected7.1-sp1.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0