In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-24T14:56:23
Updated: 2024-08-04T13:30:22.352Z
Reserved: 2020-07-20T00:00:00
Link: CVE-2020-15840
NVD
Status: Analyzed
Published: 2020-09-24T15:15:14.080
Modified: 2020-10-07T11:36:22.337
Link: CVE-2020-15840