An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH

Liferay Portal denial of service (memory consumption)

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 23 days ago
Updated: 23 days ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-87m3-6qj3-p3xh, CVE-2024-25143

Affected Packages
Versions: >= 7.2.0, < 7.3.7
Fixed in: 7.3.7