CVE-2020-15840

Published: 2020-09-24T15:15Z

Last Modified: 2024-11-21T05:06Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt