portal-impl is vulnerable to authorization bypass. The property portlet.resource.id.banned.paths.regexp
can be bypassed with doubled encoded URLs.
github.com/community-security-team/liferay-portal/commit/9dc1141fcde16cfb6819943aedebbb5113d09de2
github.com/community-security-team/liferay-portal/commit/af5048f91a569026aba6037846b6322d56c4dc74
issues.liferay.com/browse/LPE-17046
portal.liferay.dev/learn/security/known-vulnerabilities
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204