Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 May 2023, 20:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950 - Vendor Advisory | |
First Time |
Liferay
Liferay liferay Portal Liferay digital Experience Platform |
|
CWE | CWE-1333 | |
CPE | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
24 May 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-24 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33950
Mitre link : CVE-2023-33950
CVE.ORG link : CVE-2023-33950
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE