The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails
References
Link | Resource |
---|---|
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747590 | Patch Release Notes Vendor Advisory |
https://issues.liferay.com/browse/LPE-17007 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-08-03 12:15
Updated : 2021-08-11 16:54
NVD link : CVE-2021-33320
Mitre link : CVE-2021-33320
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
liferay
- liferay_portal
- dxp