Liferay Portal JSONWS Unauthenticated Remote code execution Vulnerability (CVE-2020-7961)

Summary: Deserialization of untrusted data via JSON web services (JSONWS) allows arbitrary code execution in Liferay Portal prior to 7.2.1 CE GA2.

Description: Liferay Portal provides a comprehensive JSON web service API at ‘/api/jsonws’, with examples for three different ways of invoking the web service method:

Via the generic URL /api/jsonws/invoke
Via …