CVE-2024-25608
MEDIUM6.1EPSS 17.6%Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
發布日:2024/2/20修改日:2025/7/29
描述
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.
受影響套件(2)
- Maven/com.liferay.portal:release.dxp.bomfrom 0, < 7.2.10.fp19
- Maven/com.liferay.portal:release.portal.bom>= 7.2.0, < 7.4.3.19-ga19
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-25608
- PATCHhttps://github.com/liferay/liferay-portal
- WEBhttps://github.com/liferay/liferay-portal/commit/36adf82ef7a09c7035d4f19a1982dcde1ae3f6ae
- WEBhttps://github.com/liferay/liferay-portal/commit/aea651fa5110934b6a00d93391fac87985e27786
- WEBhttps://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608