Issue
- We would like to determine whether Liferay is vulnerable to CVE-2022-22950.
- According to the CVE, in Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service condition.
Environment
- DXP 7.2, DXP 7.1, DXP 7.0
Resolution
- Request a hotfix containing LPE-17599.
Additional Information