PT-2022-8909 · Liferay · Liferay Portal Server

Name of the Vulnerable Software and Affected Versions: Liferay Portal Server versions 7.2.0 GA1 through 7.3.5 GA6 Description: The issue allows an administrator user to inject Groovy script, enabling the execution of any OS command on the Liferay Portal Server. This is disputed by the developer a...

CVE-2021-21248 Post-Auth Arbitrary Code execution via Groovy script injection

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...