CVE-2022-42131: Improper Certificate Validation

November 15, 2022 (updated November 21, 2022)

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module’s REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.

References

liferay.com/
github.com/advisories/GHSA-cx84-43xc-3gm2
issues.liferay.com/browse/LPE-17377
nvd.nist.gov/vuln/detail/CVE-2022-42131
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131

Detect and mitigate CVE-2022-42131 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →