CVE-2024-25143

Uncontrolled Resource Consumption in maven/com.liferay.portal/release.portal.bom

Identifiers

GHSA-87m3-6qj3-p3xh, CVE-2024-25143

Package Slug

maven/com.liferay.portal/release.portal.bom

Vulnerability

Uncontrolled Resource Consumption

Description

The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
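
The advisory does not say how a crafted PNG drives memory use during preview generation. As an added example (not Liferay's code and not its fix), the Java below assumes the cost comes from the dimensions declared in the PNG IHDR chunk and refuses to decode a file whose bitmap would exceed a budget. The class name `PngPreviewGuard`, the 64 MiB budget and the 4 bytes-per-pixel estimate are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.util.Arrays;

/** Hypothetical pre-decode guard for PNG uploads; not part of Liferay. */
public class PngPreviewGuard {
    private static final byte[] SIGNATURE = {(byte) 0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};
    private static final int IHDR = 0x49484452;                // ASCII "IHDR"
    static final long MAX_DECODED_BYTES = 64L * 1024 * 1024;   // assumed per-preview budget
    static final long BYTES_PER_PIXEL = 4;                     // assumed ARGB decode target

    /** True only if the header is a valid PNG start and the decoded bitmap fits the budget. */
    static boolean withinBudget(InputStream in) throws IOException {
        DataInputStream data = new DataInputStream(in);
        try {
            byte[] sig = new byte[8];
            data.readFully(sig);
            if (!Arrays.equals(sig, SIGNATURE)) return false;
            // IHDR must be the first chunk and its data is always 13 bytes long.
            if (data.readInt() != 13 || data.readInt() != IHDR) return false;
            long width = data.readInt() & 0xFFFFFFFFL;   // read as unsigned 32-bit
            long height = data.readInt() & 0xFFFFFFFFL;
            // The PNG format requires 1 <= dimension <= 2^31 - 1.
            if (width == 0 || height == 0) return false;
            if (width > Integer.MAX_VALUE || height > Integer.MAX_VALUE) return false;
            // Divide instead of multiplying so the comparison cannot overflow a long.
            long maxPixels = MAX_DECODED_BYTES / BYTES_PER_PIXEL;
            return width <= maxPixels / height;
        } catch (EOFException truncated) {
            return false;                                // header cut short: do not decode
        }
    }

    /** Constructed sample: the first 24 bytes of a PNG with the given declared size. */
    static byte[] header(int width, int height) {
        return ByteBuffer.allocate(24).put(SIGNATURE).putInt(13).putInt(IHDR)
                .putInt(width).putInt(height).array();
    }

    public static void main(String[] args) throws IOException {
        System.out.println(withinBudget(new ByteArrayInputStream(header(1920, 1080))));
        System.out.println(withinBudget(new ByteArrayInputStream(header(60000, 60000))));
    }
}
```

The check reads only the first 24 bytes, so it can run before the upload reaches any image decoder.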

Affected Versions

All versions starting from 7.2.0 and before 7.3.7

Solution

Upgrade to version 7.3.7 or above.

Last Modified

2024-02-09
