GHSA-HFFX-R282-W2G9 Path Traversal in Liferay Portal

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

Path Traversal in Liferay Portal

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

PT-2022-26269 · Elastic +1 · Elasticsearch +4

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.3 through 7.4.3.18 Liferay DXP versions 7.3 before update 6 Liferay DXP versions 7.4 before update 19 Description: A Zip slip vulnerability in the Elasticsearch Connector allows attackers to create or overwrite...

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

Liferay Portal和Liferay DXP 路径遍历漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...