Deserialization of Untrusted Data
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Advisories for Maven/Com.liferay.portal/Com.liferay.portal-Kernel package
2022