CVE-2020-15839: Unrestricted Upload of File with Dangerous Type
Liferay Portal, and Liferay DXP before fix pack before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
References
- github.com/advisories/GHSA-c7f6-4vx5-4263
- issues.liferay.com/browse/LPE-17029
- issues.liferay.com/browse/LPE-17055
- nvd.nist.gov/vuln/detail/CVE-2020-15839
- portal.liferay.dev/learn/security/known-vulnerabilities
- portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928
Code Behaviors & Features
Detect and mitigate CVE-2020-15839 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →