-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.liferay.portal:release.portal.bom | maven | >= 7.4.1, <= 7.4.3.4 | 7.4.3.5 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability centers on missing permission checks in the Hypermedia REST API's WikiNodeResource endpoint. While no actual patch diffs are available, all authoritative sources (CVE description, Liferay advisory, GHSA) explicitly identify getSiteWikiNodeByExternalReferenceCode as the vulnerable API method. In runtime profiling, this would appear as the primary entry point handling unauthorized requests for WikiNode objects. The function signature follows Liferay's standard pattern for REST resource classes in the headless-delivery module.
Ongoing coverage of React2Shell