A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 up to and including 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows malicious users to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.3 |
||
liferay liferay portal |
||
liferay digital experience platform 7.4 |