GHSA-97gm-mcv6-cphm

Suggest an improvement
Source
https://github.com/advisories/GHSA-97gm-mcv6-cphm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-97gm-mcv6-cphm/GHSA-97gm-mcv6-cphm.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-97gm-mcv6-cphm
Aliases
  • CVE-2010-5327
Published
2022-05-17T03:05:00Z
Modified
2024-12-02T05:41:32.091492Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Shell command injection in Liferay Portal
Details

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

Database specific
{
    "nvd_published_at": "2017-01-13T19:59:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-10T22:39:30Z"
}
References

Affected packages

Maven / com.liferay.portal:portal-impl

Package

Name
com.liferay.portal:portal-impl
View open source insights on deps.dev
Purl
pkg:maven/com.liferay.portal/portal-impl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.11

Affected versions

5.*

5.2.3

6.*

6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.1.0
6.1.1
6.1.2
6.2.0-B1
6.2.0-B2
6.2.0-B3
6.2.0-M5
6.2.0-M6
6.2.0-RC1
6.2.0-RC2
6.2.0-RC3
6.2.0-RC4
6.2.0-RC5
6.2.0-ga1
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5

Maven / com.liferay.portal:portal-service

Package

Name
com.liferay.portal:portal-service
View open source insights on deps.dev
Purl
pkg:maven/com.liferay.portal/portal-service

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.11

Affected versions

5.*

5.2.3

6.*

6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.1.0
6.1.1
6.1.2
6.2.0-B1
6.2.0-B2
6.2.0-B3
6.2.0-M5
6.2.0-M6
6.2.0-RC1
6.2.0-RC2
6.2.0-RC3
6.2.0-RC4
6.2.0-RC5
6.2.0-ga1
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5