PT-2021-20112 · Liferay · Liferay Portal+1

Published 2021-08-03 · Updated 2022-05-24 · CVE-2021-33331

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.0.0 through 7.3.1
Liferay DXP 7.0 before fix pack 94
Liferay DXP 7.1 before fix pack 19
Liferay DXP 7.2 before fix pack 8

Description

The issue concerns an open redirect vulnerability in the Notifications module. This vulnerability allows remote attackers to redirect users to arbitrary external URLs via the redirect parameter.

Recommendations

For Liferay Portal versions 7.0.0 through 7.3.1, update to a version outside of this range to resolve the issue.
For Liferay DXP version 7.0, apply fix pack 94 or later to address the vulnerability.
For Liferay DXP version 7.1, apply fix pack 19 or later to resolve the issue.
For Liferay DXP version 7.2, apply fix pack 8 or later to address the vulnerability.

As a temporary workaround, consider restricting access to the Notifications module or avoiding the use of the redirect parameter until a patch is available.
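
While patching is pending, web access logs can be reviewed for redirect parameters that point off-site. The following is an added example, not part of the advisory or of Liferay's code. It assumes combined-format access logs, a trusted host of `portal.example.com`, and that the parameter of interest is any query parameter whose name ends in `redirect`; the log lines, paths and parameter names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts this portal may legitimately redirect to.
TRUSTED_HOSTS = {"portal.example.com"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_host(value):
    """Return the host a redirect value leaves the site for, or None if it stays local."""
    # Browsers read "\" as "/" and drop tabs/newlines, so normalise before parsing.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    try:
        host = urlsplit(cleaned).hostname
    except ValueError:
        return "<unparseable>"  # malformed authority: surface it for review
    if host is None or host.lower() in TRUSTED_HOSTS:
        return None
    return host.lower()

def find_external_redirects(log_lines):
    """Return (line_number, parameter, host) for redirect parameters that leave the site."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query):  # parse_qsl percent-decodes the value
            if name.lower().endswith("redirect"):
                host = external_host(value)
                if host:
                    findings.append((number, name, host))
    return findings

# Constructed access-log lines; paths and parameter names are made up for illustration.
SAMPLE_LOG = [
    '198.51.100.4 - - [03/Aug/2021:10:00:01 +0000] "GET /web/guest/home?_notifications_redirect=%2Fweb%2Fguest%2Finbox HTTP/1.1" 302 0',
    '198.51.100.9 - - [03/Aug/2021:10:00:05 +0000] "GET /web/guest/home?_notifications_redirect=https%3A%2F%2Fexternal.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [03/Aug/2021:10:00:09 +0000] "GET /web/guest/home?redirect=%2F%2Fexternal.example%2F HTTP/1.1" 302 0',
    '198.51.100.4 - - [03/Aug/2021:10:00:12 +0000] "GET /web/guest/home?redirect=https%3A%2F%2Fportal.example.com%2Fweb HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in find_external_redirects(SAMPLE_LOG):
        print(finding)
```

Local paths and trusted hosts are ignored; absolute and scheme-relative targets on other hosts are reported with the log line number.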

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2021-33331
GHSA-MJ8W-H522-JWM8

Affected Products

Liferay DXP
Liferay Portal