CVE-2011-1571: Liferay Portal vulnerable to arbitrary command injection

May 13, 2022 (updated July 15, 2025)

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

References

github.com/advisories/GHSA-rpj9-pc39-h8j8
github.com/liferay/liferay-portal
github.com/liferay/liferay-portal/commit/55502ca16019e1ea1a581ee87f4f20cde638c825
nvd.nist.gov/vuln/detail/CVE-2011-1571

Code Behaviors & Features

Detect and mitigate CVE-2011-1571 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →