Analysis of the Liferay Portal JSONWS deserialization vulnerability (CVE-2020-7961)
2022-06-29 10:19:00 【Qianli ZLP】
1. Vulnerability description
On 20 March 2020, Code White disclosed multiple critical JSON deserialization vulnerabilities affecting Liferay Portal versions 6.1, 6.2, 7.0, 7.1 and 7.2. They allow unauthenticated remote code execution through the JSON web service API. The fixed Liferay Portal versions are 6.2 GA6, 7.0 GA7, 7.1 GA4 and 7.2 GA2.
Liferay (also called Liferay Portal) is an open source portal project. It is a complete J2EE application for building web sites and intranets that present documents and applications matched to the appropriate audience.
2. Affected versions
Liferay Portal: 6.1, 6.2, 7.0, 7.1, 7.2
3. Vulnerability analysis
Liferay Portal provides a JSON Web Service. For some callable endpoints, if a method takes a parameter of type Object, a malicious class that follows the Java Beans convention can be chosen and a constructed JSON string passed in for deserialization; during deserialization the malicious class's default constructor and setter methods are invoked automatically.
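The mechanism described above, as an added illustration written for this article (not Jodd's or Liferay's own code): a minimal reflective bean binder that resolves a type named in the JSON, calls its no-arg constructor and then its setters, beside an allowlisted variant that rejects unknown types before anything is instantiated. The `class` key, the `BeanBinder` class and the `Greeting` bean are assumptions made for the demo.

```java
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;

// Added illustration for this article, not Jodd's or Liferay's code. Assumes the JSON
// is already parsed into a Map and that a "class" key names the type to instantiate.
public class BeanBinder {
    // Vulnerable pattern: any class with a no-arg constructor is instantiated and
    // every matching "setX" is then invoked with caller-controlled values.
    static Object bindUnrestricted(Map<String, Object> json) throws Exception {
        Class<?> type = Class.forName((String) json.get("class"));
        return populate(type.getDeclaredConstructor().newInstance(), json);
    }
    // Hardened pattern: only types explicitly allowed for this endpoint may be
    // resolved; anything else is rejected before any constructor runs.
    static final Set<String> ALLOWED = Set.of("BeanBinder$Greeting");
    static Object bindAllowlisted(Map<String, Object> json) throws Exception {
        String name = (String) json.get("class");
        if (name == null || !ALLOWED.contains(name)) {
            throw new IllegalArgumentException("type not allowed: " + name);
        }
        return bindUnrestricted(json);
    }

    // Call the public setter for each non-"class" key: the automatic setter
    // invocation the analysis attributes to the deserializer.
    static Object populate(Object bean, Map<String, Object> json) throws Exception {
        for (Map.Entry<String, Object> e : json.entrySet()) {
            if (e.getKey().equals("class")) continue;
            String setter = "set" + Character.toUpperCase(e.getKey().charAt(0)) + e.getKey().substring(1);
            for (Method m : bean.getClass().getMethods()) {
                if (m.getName().equals(setter) && m.getParameterCount() == 1) m.invoke(bean, e.getValue());
            }
        }
        return bean;
    }
    // Harmless bean used as the single allowed type in the demo.
    public static class Greeting {
        private String text;
        public void setText(String text) { this.text = text; }
        public String getText() { return text; }
    }

    public static void main(String[] args) throws Exception {
        Object ok = bindAllowlisted(Map.of("class", "BeanBinder$Greeting", "text", "hi"));
        System.out.println(((Greeting) ok).getText());
        try { bindAllowlisted(Map.of("class", "java.util.ArrayList")); }
        catch (IllegalArgumentException ex) { System.out.println(ex.getMessage()); }
    }
}
```

Compile and run with `javac BeanBinder.java && java BeanBinder` (Java 9 or later for `Map.of` and `Set.of`); the second call is refused by the allowlist before any constructor or setter of the requested type executes.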
JODD serialization and deserialization