How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.
legacy-article
learn-legacy-article-disclaimer-text
問題
CVE-2020-7961の脆弱性があるかどうかを判断したい。
環境
DXP7.3、DXP7.2、DXP7.1、DXP7.0
解像度
CVE-2020-7961の脆弱性をテストする手順は以下の通りです: 1. Liferay バンドル 2. while true; do curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-binary 'cmd={"/expandocolumn/add-column":{}}&formDate=0&tableId=0&name=&type=0&%2bdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString": "HexAsciiSerializedMap[aced0005757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707ffffff7]"}' http://127.0.0.1:8080/api/jsonws/invoke > /dev/null 2>&1; done 3. 下記は期待されるレスポンスです: ERROR [http-nio-8080-exec-7][JSONWebServiceServiceAction:126] com.mchange.v2.c3p0.WrapperConnectionPoolDataSource is not allowed to be instantiated