Description
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Remediation
References
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42125
http://liferay.com
https://issues.liferay.com/browse/LPE-17517
Related Vulnerabilities
CVE-2022-29049 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds
CVE-2021-41973 Vulnerability in maven package org.apache.mina:mina-http
CVE-2018-1273 Vulnerability in maven package org.springframework.data:spring-data-commons
CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2022-41244 Vulnerability in maven package org.jenkins-ci.plugins:view26