CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

EUVD-2022-7363

Malicious code in bioql PyPI...

Path Traversal in Liferay Portal

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

GHSA-HFFX-R282-W2G9 Path Traversal in Liferay Portal

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

Design/Logic Flaw

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

CVE-2022-42123

CVE-2022-42123 describes a Zip Slip vulnerability in the Elasticsearch Connector used by Liferay Portal (versions 7.3.3–7.4.3.18) and Liferay DXP (7.3 before update 6; 7.4 before update 19). The underlying issue allows an attacker to create or overwrite files on the filesystem via a malicious Ela...

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

PT-2022-26269 · Elastic +1 · Elasticsearch +4

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.3 through 7.4.3.18 Liferay DXP versions 7.3 before update 6 Liferay DXP versions 7.4 before update 19 Description: A Zip slip vulnerability in the Elasticsearch Connector allows attackers to create or overwrite...

Liferay Portal和Liferay DXP 路径遍历漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...