BIT-liferay-2023-33950

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-33950.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-liferay-2023-33950

Aliases

Published

2024-01-31T15:17:19.210Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4-update48.0

Last affected

7.4-update48.0

Introduced

7.4-update76.0

Last affected

7.4-update76.0