-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from insufficient security controls in template processing. The commit patching CVE-2010-5327 introduces PACL enforcement (PACLVelocityTemplate/PACLFreeMarkerTemplate), replaces ObjectConstructor with a secured version, and adds class resolution restrictions. The vulnerable functions are the unpatched versions of these methods, which allowed arbitrary class instantiation and template execution without proper security context. The high confidence comes from direct correlation between the vulnerability description (Velocity template RCE) and the security measures added in the commit.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.liferay.portal:portal-impl | maven | < 6.2.11 | 6.2.11 |
| com.liferay.portal:portal-service | maven | < 6.2.11 | 6.2.11 |
Ongoing coverage of React2Shell