CVE-2022-25146

Posted on 2022년 3월 3일2022년 3월 3일 by admin

CVE-2022-25146

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

Source: CVE-2022-25146

답글 남기기 응답 취소