Description
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17518
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
Related Vulnerabilities
CVE-2020-13936 Vulnerability in maven package org.apache.velocity:velocity-engine-core
CVE-2013-0158 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-19466 Vulnerability in npm package sceditor
CVE-2021-44548 Vulnerability in maven package org.apache.solr:solr-core
CVE-2020-2283 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner