Critical severity9.8NVD Advisory· Published Oct 4, 2019· Updated Jun 17, 2026
CVE-2019-16891
CVE-2019-16891
Description
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.portal.bomMaven | < 7.1.1 | 7.1.1 |
Affected products
2- Liferay/Portal CEdescription
Patches
Vulnerability mechanics
References
7- dappsec.substack.com/p/an-advisory-for-cve-2019-16891-fromnvdExploitThird Party AdvisoryWEB
- sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4/nvdExploitThird Party Advisory
- www.youtube.com/watchnvdExploitWEB
- github.com/advisories/GHSA-372h-p48h-xw8qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-16891ghsaADVISORY
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cst-7111ghsaWEB
- www.liferay.com/downloads-communitynvdProductRelease NotesWEB
News mentions
0No linked articles in our index yet.