Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4

Liferay Portal denial-of-service vulnerability

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions, does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self-referencing IFrame.

Permalink: https://github.com/advisories/GHSA-w275-m8cr-hf2v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 22 days ago
Updated: 10 days ago


CVSS Score: 4.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

Identifiers: GHSA-w275-m8cr-hf2v, CVE-2024-25144

Affected Packages

maven:com.liferay.portal:release.dxp.bom
Versions: >= 7.4.0, < 7.4.13.u27, >= 7.3.0, < 7.3.10.u6, >= 7.2.0, < 7.2.10.fp19
Fixed in: 7.4.13.u27, 7.3.10.u6, 7.2.10.fp19
maven:com.liferay.portal:release.portal.bom
Versions: >= 7.2.0, < 7.4.3.27
Fixed in: 7.4.3.27