Description
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
Remediation
References
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123
https://issues.liferay.com/browse/LPE-17518
Related Vulnerabilities
CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-bundle
CVE-2023-24431 Vulnerability in maven package io.jenkins.plugins:macstadium-orka
CVE-2022-22980 Vulnerability in maven package org.springframework.data:spring-data-mongodb
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14
CVE-2022-22950 Vulnerability in maven package org.springframework:spring-core