CVE-2023-33950

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Published: May 24, 2023
Updated: May 10, 2024
CVE: CVE-2023-33950
GHSA: GHSA-chrc-q6v3-jfv8
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-1333

Affected Software
References

Software	From	Fixed in
com.liferay.portal / release.portal.bom	7.4.3.48	7.4.3.77
liferay / digital_experience_platform	7.4-update48	7.4-update48.x
liferay / digital_experience_platform	7.4-update76	7.4-update76.x
liferay / liferay_portal	7.4.3.48	7.4.3.76.x

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Vulnerability Database

289,697

CVE-2023-33950