Description

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Related Vulnerabilities

CVE-2018-1000143 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2019-10327 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2020-2249 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2020-6461 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory