CVE-2020-24554: URL Redirection to Untrusted Site ('Open Redirect')

May 7, 2021 (updated September 24, 2021)

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

References

github.com/advisories/GHSA-mg53-xr8m-86hw
nvd.nist.gov/vuln/detail/CVE-2020-24554

Code Behaviors & Features

Detect and mitigate CVE-2020-24554 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →