GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH

High CVSS: 7.1 EPSS: 0.00745% (0.71661 Percentile) EPSS:

Permalink JSON

Liferay Portal denial of service (memory consumption)

Affected Packages	Affected Versions	Fixed Versions
maven:com.liferay.portal:release.portal.bom	>= 7.2.0, < 7.3.7	7.3.7
5 Dependent packages 33 Dependent repositories Affected Version Ranges All affected versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6 All unaffected versions 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.3.7, 7.4.0, 7.4.1, 7.4.2

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

References:

Identifiers

GHSA-87m3-6qj3-p3xh

CVE-2024-25143

Risk

Severity

High

CVSS

CVSS Score: 7.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00745

EPSS Percentile: 0.71661

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/liferay/liferay-portal

Date and time

Published

over 1 year ago

Updated

11 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories