Описание
Liferay Portal denial of service (memory consumption)
The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-25143
- https://github.com/liferay/liferay-portal/commit/29b73b9b896c7d44fb5d1800a402698c303d1cf6
- https://github.com/liferay/liferay-portal/commit/4381c10ad0722b3b00c3e3567b68538ab0994145
- https://github.com/liferay/liferay-portal/releases/tag/7.3.7-ga8
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143
Пакеты
com.liferay.portal:release.portal.bom
>= 7.2.0, < 7.3.7
7.3.7
EPSS
7.1 High
CVSS4
6.5 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
EPSS
7.1 High
CVSS4
6.5 Medium
CVSS3