GHSA-97gm-mcv6-cphm

Source

https://github.com/advisories/GHSA-97gm-mcv6-cphm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-97gm-mcv6-cphm/GHSA-97gm-mcv6-cphm.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-97gm-mcv6-cphm

Aliases

CVE-2010-5327

Published

2022-05-17T03:05:00Z

Modified

2024-12-02T05:41:32.091492Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Shell command injection in Liferay Portal

Details

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

Database specific

{
    "nvd_published_at": "2017-01-13T19:59:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed_at": "2024-01-10T22:39:30Z",
    "github_reviewed": true
}

References

Affected packages

Maven / com.liferay.portal:portal-impl

Package

Name: com.liferay.portal:portal-impl; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/portal-impl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.11

Affected versions

5.*

5.2.3

6.*

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.1.0

6.1.1

6.1.2

6.2.0-B1

6.2.0-B2

6.2.0-B3

6.2.0-M5

6.2.0-M6

6.2.0-RC1

6.2.0-RC2

6.2.0-RC3

6.2.0-RC4

6.2.0-RC5

6.2.0-ga1

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-97gm-mcv6-cphm/GHSA-97gm-mcv6-cphm.json"

Maven / com.liferay.portal:portal-service