CVE-2019-16891: Liferay Portal Allows RCE via Deserialization of a JSON Payload
(updated )
Liferay Portal CE 7.1.0 and earlier allows remote command execution because of deserialization of a JSON payload.
References
- dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from
- github.com/advisories/GHSA-372h-p48h-xw8q
- github.com/liferay/liferay-portal
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cst-7111
- nvd.nist.gov/vuln/detail/CVE-2019-16891
- www.liferay.com/downloads-community
- www.youtube.com/watch?v=DjMEfQW3bf0
Code Behaviors & Features
Detect and mitigate CVE-2019-16891 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →