Description
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17518
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
Related Vulnerabilities
CVE-2018-1000191 Vulnerability in maven package com.blackducksoftware.integration:blackduck-detect
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-spring2
CVE-2021-39239 Vulnerability in maven package org.apache.jena:jena-core
CVE-2016-5388 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2011-2204 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core