42 matches found
Spring HATEOAS 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Spring HATEOAS versions 1.5.4 and earlier, 2.0.4 and earlier, and 2.1.0, which stems from the fa...
CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...
Incorrect Default Permissions in Liferay Portal
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
GHSA-WGQM-QP44-CG6X Incorrect Default Permissions in Liferay Portal
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
Design/Logic Flaw
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
CVE-2022-42128
CVE-2022-42128 affects Liferay Portal 7.4.1–7.4.3.4 and Liferay DXP 7.4 GA. The Hypermedia REST APIs module fails to properly enforce permissions, allowing remote attackers to obtain a WikiNode object through WikiNodeResource.getSiteWikiNodeByExternalReferenceCode. Impact is information disclosur...
PT-2022-26274 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.1 through 7.4.3.4 Liferay DXP version 7.4 GA Description: The issue concerns the Hypermedia REST APIs module, which fails to properly check permissions. This allows remote attackers to obtain a WikiNode object via...
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2022-19884 · H5P +1 · H5P +1
Name of the Vulnerable Software and Affected Versions: H5P affected versions not specified Description: The issue is related to a CSRF risk when enabling and disabling installed H5P libraries, as the necessary token to prevent this risk was not included. Recommendations: At the moment, there is n...
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
GHSA-5J86-VMPX-42PC Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
Path traversal
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
CVE-2022-28981 is a path traversal vulnerability in the Hypermedia REST APIs module of Liferay Portal 7.4.0–7.4.2. The issue allows remote attackers to access files outside com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter. Impact is file disclosure; CVSS v3.1 base...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...