com.liferay.portal:com.liferay.util.java

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.liferay.portal:com.liferay.util.javapage 1 of 1

CVE-2022-28977MEDIUMCVSS 6.1EG 6.1✓ Fixed in 7.9.0
2022-09-22
vulnerable: 1.0.0 ... 7.0.0 (153 versions)
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward …
CVE-2024-25606HIGHCVSS 8.0EG 8.0✓ Fixed in 14.0.0
2024-02-20
vulnerable: 1.0.0 ... 9.0.0 (161 versions)
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission t…

Check whether com.liferay.portal:com.liferay.util.java is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.liferay.portal:com.liferay.util.java CVEs against the assets you own.

Start Free Scan →