Vulnerabilities > CVE-2022-42124 - Unspecified vulnerability in Liferay Digital Experience Platform and Liferay Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.
Vulnerable Configurations
References
- http://liferay.com
- http://liferay.com
- https://issues.liferay.com/browse/LPE-17435
- https://issues.liferay.com/browse/LPE-17435
- https://issues.liferay.com/browse/LPE-17535
- https://issues.liferay.com/browse/LPE-17535
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124