Description
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17518
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
Related Vulnerabilities
CVE-2022-41230 Vulnerability in maven package org.jenkins-ci.plugins:build-publisher
CVE-2020-6452 Vulnerability in npm package electron
CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook
CVE-2023-28682 Vulnerability in maven package org.jenkins-ci.plugins:perfpublisher
CVE-2020-1926 Vulnerability in maven package org.apache.hive:hive-service