Description
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17518
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
Related Vulnerabilities
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-framework
CVE-2018-1999020 Vulnerability in maven package org.onosproject:onos-core-common
CVE-2023-34054 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http
CVE-2019-10383 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-42889 Vulnerability in maven package org.apache.commons:commons-text