Medium severity6.5NVD Advisory· Published Sep 22, 2020· Updated Jun 17, 2026
CVE-2020-15839
CVE-2020-15839
Description
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.dxp.bomMaven | < 7.1.10.fp18 | 7.1.10.fp18 |
com.liferay.portal:release.dxp.bomMaven | >= 7.2.1, < 7.2.10.fp6 | 7.2.10.fp6 |
Affected products
3- Liferay/Portaldescription
- osv-coords2 versions
>= 7.1.0, <= 7.1.0+ 1 more
- (no CPE)range: >= 7.1.0, <= 7.1.0
- (no CPE)range: < 7.1.10.fp18
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-c7f6-4vx5-4263ghsaADVISORY
- issues.liferay.com/browse/LPE-17029nvdVendor AdvisoryWEB
- issues.liferay.com/browse/LPE-17055nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-15839ghsaADVISORY
- portal.liferay.dev/learn/security/known-vulnerabilitiesnvdVendor AdvisoryWEB
- portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928nvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.