Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jeDg0LTQzeGMtM2dtMs4AAv3k

Improper Certificate Validation in Liferay Portal

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.

Permalink: https://github.com/advisories/GHSA-cx84-43xc-3gm2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jeDg0LTQzeGMtM2dtMs4AAv3k
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-cx84-43xc-3gm2, CVE-2022-42131
References:

Affected Packages

maven:com.liferay.portal:release.portal.bom
Dependent packages: 5
Dependent repositories: 33
Downloads:
Affected Version Ranges: >= 7.1.0, < 7.4.3.4
Fixed in: 7.4.3.4
All affected versions: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2
All unaffected versions: 7.0.6