CVE-2022-28977

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.2 Liferay DXP versions 7.0 fix pack 91 through 101 Liferay DXP versions 7.1 fix pack 17 through 25 Liferay DXP versions 7.2 fix pack 5 through 14 Liferay DXP version 7.3 before service pack 3

Description The issue allows remote attackers to redirect users to arbitrary external URLs by circumventing HtmlUtil.escapeRedirect using multiple forward slashes. This can be achieved via the redirect parameter, FORWARD URL parameter, and other parameters that rely on HtmlUtil.escapeRedirect.

Recommendations For Liferay Portal versions 7.3.1 through 7.4.2, update to a version that includes the fix for this issue. For Liferay DXP versions 7.0 fix pack 91 through 101, apply a fix pack that addresses this vulnerability. For Liferay DXP versions 7.1 fix pack 17 through 25, apply a fix pack that addresses this vulnerability. For Liferay DXP versions 7.2 fix pack 5 through 14, apply a fix pack that addresses this vulnerability. For Liferay DXP version 7.3 before service pack 3, apply service pack 3 or later to resolve the issue. As a temporary workaround, consider restricting access to parameters that rely on HtmlUtil.escapeRedirect, such as redirect and FORWARD URL, to minimize the risk of exploitation.