| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.liferay.portal:release.portal.bom | maven | >= 7.4.0-ga1, < 7.4.3.112-ga112 | 7.4.3.112-ga112 |
The vulnerability allows authenticated users to spoof the file extension of a downloaded vCard file, because the user's full name is inserted directly into the Content-Disposition header without sanitization. An attacker could set their full name to a value like ../../sensitive.txt to potentially traverse directories and overwrite files, or to filename.bat to trick the recipient into executing a malicious file. Analysis of the provided patch 7b4403becd9433ccefb44005d28d85b943bb1ecc points to the exportVCard method of the com.liferay.contacts.web.internal.portlet.ContactsCenterPortlet class as the vulnerable function. The patch applies URL encoding to the user's full name, a standard mitigation for this class of header injection. This stops the browser from interpreting special characters in the filename and ensures the file is downloaded with the intended .vcf extension.
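To make the header-injection mechanism concrete, the following is an added example (not Liferay's code) contrasting a Content-Disposition value built by raw string concatenation with one that encodes the user-supplied name. The hardened builder goes slightly beyond the page's description of the patch: it strips control characters, path separators and `..` runs from the name before percent-encoding it, and emits both an ASCII `filename=` fallback and an RFC 5987 `filename*=` parameter. The sample names, the function names and the `header_is_safe` check are all assumptions constructed for this illustration.

```python
"""Building a safe Content-Disposition header for a vCard download.

Added example, not Liferay code: contrasts a header built by raw string
concatenation with one that sanitizes and percent-encodes the name,
using the RFC 6266 / RFC 5987 filename* syntax.
"""
import re
from urllib.parse import quote

# Constructed sample names, shaped like the spoofing attempts the advisory
# text describes plus a CR/LF header-injection attempt.
SAMPLE_NAMES = [
    "Alice Example",
    "../../sensitive.txt",
    'report.bat"; x="',
    "Ana\r\nX-Injected: 1",
]


def vulnerable_header(full_name: str) -> str:
    """Raw concatenation: whatever is in the name lands in the header."""
    return f'attachment; filename="{full_name}.vcf"'


def sanitize_name(full_name: str) -> str:
    """Remove control characters (CR/LF included), path separators and
    any '..' runs, so the name can only ever be a single path component."""
    cleaned = re.sub(r"[\x00-\x1f\x7f/\\]", "", full_name)
    while ".." in cleaned:
        cleaned = cleaned.replace("..", ".")
    cleaned = cleaned.strip(" .")
    return cleaned or "contact"


def hardened_header(full_name: str) -> str:
    """Sanitize, then percent-encode the name (RFC 5987) and provide a
    conservative ASCII fallback that cannot contain quotes or separators."""
    cleaned = sanitize_name(full_name)
    fallback = re.sub(r"[^A-Za-z0-9 ._-]", "", cleaned).strip(" .") or "contact"
    # quote() with safe="" leaves only unreserved characters unencoded.
    encoded = quote(cleaned, safe="")
    return (
        f'attachment; filename="{fallback}.vcf"; '
        f"filename*=UTF-8''{encoded}.vcf"
    )


_FILENAME_RE = re.compile(r'filename="([^"]*)"')


def header_is_safe(header: str) -> bool:
    """Defensive check a reviewer or test can apply to an emitted header:
    no CR/LF, exactly one quoted filename, and that filename is a single
    path component ending in .vcf."""
    if "\r" in header or "\n" in header:
        return False
    names = _FILENAME_RE.findall(header)
    if len(names) != 1:
        return False
    name = names[0]
    return (
        name.endswith(".vcf")
        and "/" not in name
        and "\\" not in name
        and ".." not in name
    )


def audit(names):
    """Map each name to (vulnerable header safe?, hardened header safe?)."""
    return {
        n: (header_is_safe(vulnerable_header(n)), header_is_safe(hardened_header(n)))
        for n in names
    }


if __name__ == "__main__":
    for name, (vuln_ok, hard_ok) in audit(SAMPLE_NAMES).items():
        print(f"{name!r}: vulnerable safe={vuln_ok}, hardened safe={hard_ok}")
```

Running the block shows that every constructed spoofing name passes through the vulnerable builder unchanged, while the hardened builder yields a header the check accepts; the check itself is the kind of assertion worth keeping in a unit test around any download endpoint that derives filenames from user-controlled data.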