Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH

Liferay Portal denial of service (memory consumption)

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

Permalink: https://github.com/advisories/GHSA-87m3-6qj3-p3xh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 23 days ago
Updated: 23 days ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-87m3-6qj3-p3xh, CVE-2024-25143
References:

Affected Packages

maven:com.liferay.portal:release.portal.bom
Versions: >= 7.2.0, < 7.3.7
Fixed in: 7.3.7