CVE-2023-33950

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33950

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33950.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33950

Aliases

Published

2023-05-24T17:15:10Z

Modified

2025-03-05T04:42:04Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

441177abdb0a5d065cffded22efcaad0f142b75b

Last affected

fe287ba43998cda2b4dd6700a8cb1ec6ddc90a8f