BIT-liferay-2023-33950

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-33950.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-liferay-2023-33950
Aliases
Published
2024-01-31T15:17:19.210Z
Modified
2024-02-19T10:36:29.170Z
Summary
[none]
Details

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

References

Affected packages

Bitnami / liferay

Package

Name
liferay
Purl
pkg:bitnami/liferay

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.4-update48.0
Last affected
7.4-update48.0
Introduced
7.4-update76.0
Last affected
7.4-update76.0