Issue
- Security vulnerability CVE-2024-28752 details an SSRF vulnerability with the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3, and 3.5.8, which would allow an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
- These details are from: https://nvd.nist.gov/vuln/detail/CVE-2024-28752
Environment
- Liferay DXP 7.4
Resolution
- This issue affects users of the Aegis DataBinding. However, Liferay does not use org.apache.cxf:cxf-rt-databinding-aegis, so this vulnerability does not affect Liferay. More specifically, Liferay only uses cxf-rt-databinding-jaxb.
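To confirm on a given installation that the Aegis artifact is absent (for example, that no custom module or deployed WAR brings it in), the following added example, which is not Liferay or Apache CXF code, walks a directory, opens nested archives, and reports any cxf-rt-databinding-aegis jar with its version checked against the fixed releases listed above. The list of archive extensions, the nesting limit of 3, and reading the version from the Maven-style file name are assumptions of this sketch.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Artifact named on the page; version parsed from the Maven-style file name.
ARTIFACT = re.compile(r"cxf-rt-databinding-aegis-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".lpkg", ".zip")  # assumption: containers worth opening

def is_affected(v):
    """Affected per the advisory: before 3.5.8, 3.6.0-3.6.2, 4.0.0-4.0.3."""
    return v < (3, 5, 8) or (3, 6, 0) <= v < (3, 6, 3) or (4, 0, 0) <= v < (4, 0, 4)

def _version(name):
    m = ARTIFACT.search(name)
    return tuple(map(int, m.groups())) if m else None

def _scan_archive(data, label, out, depth=0):
    """Record Aegis jars embedded in an archive, following nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for entry in zf.namelist():
            v = _version(entry)
            if v:
                out.append((f"{label}!{entry}", v, is_affected(v)))
            elif entry.lower().endswith(ARCHIVES) and depth < 3:
                _scan_archive(zf.read(entry), f"{label}!{entry}", out, depth + 1)

def find_aegis(root):
    """Return (location, version, affected) for every Aegis jar under root."""
    out = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        v = _version(p.name)
        if v:
            out.append((str(p), v, is_affected(v)))
        elif p.name.lower().endswith(ARCHIVES):
            _scan_archive(p.read_bytes(), str(p), out)
    return out

if __name__ == "__main__":
    hits = find_aegis(sys.argv[1] if len(sys.argv) > 1 else ".")
    for loc, v, bad in hits:
        print("AFFECTED" if bad else "fixed", ".".join(map(str, v)), loc)
    sys.exit(1 if any(bad for _, _, bad in hits) else 0)
```

An empty result means the artifact was not found under the scanned path; a repackaged or renamed jar would not be matched by file name.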
Additional Information