CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs...

PT-2020-14663 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions prior to 7.3.1 Liferay Portal 6.2 EE Liferay DXP versions prior to 7.2 Description: The issue allows the property 'portlet.resource.id.banned.paths.regexp' to be bypassed using doubled encoded URLs. Recommendations: Fo...