VYPR
Medium severity6.5NVD Advisory· Published Sep 22, 2020· Updated Jun 17, 2026

CVE-2020-15839

CVE-2020-15839

Description

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.liferay.portal:release.dxp.bomMaven
< 7.1.10.fp187.1.10.fp18
com.liferay.portal:release.dxp.bomMaven
>= 7.2.1, < 7.2.10.fp67.2.10.fp6

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.