mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-06 02:31:35 +00:00
CVE-2020-7961 Liferay Portal Java Unmarshalling via JSONWS RCE
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
FOFA query rule: app="Liferay"
Demo
