Security
Headlines

Headlines Latest CVEs

Headline

GHSA-w6f8-mxf5-4vf8: Missing authorization in Liferay portal

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.

1 year ago

Missing authorization in Liferay portal

Moderate severity GitHub Reviewed Published May 24, 2023 to the GitHub Advisory Database • Updated May 24, 2023

Related news

CVE-2023-33948: CVE-2023-33948 Unauthorized access to Document and Media files via Forms - Liferay

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.

1 year ago

#vulnerability #web #auth

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

2 days ago

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

2 days ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

2 days ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

2 days ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

2 days ago