GHSA-vjj4-qwcm-552h

Source

https://github.com/advisories/GHSA-vjj4-qwcm-552h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-vjj4-qwcm-552h/GHSA-vjj4-qwcm-552h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vjj4-qwcm-552h

Aliases

BIT-liferay-2022-42124
CVE-2022-42124

Published

2022-11-15T12:00:16Z

Modified

2024-02-16T08:04:29.938718Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Inefficient Regular Expression Complexity in Liferay Portal

Details

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

Database specific

{
    "nvd_published_at": "2022-11-15T01:15:00Z",
    "cwe_ids": [
        "CWE-1333"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T23:49:32Z"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.2

Fixed

7.4.3.5

Affected versions

7.*

7.3.2

7.3.2-1

7.3.3

7.3.3-1

7.3.4

7.3.5

7.3.6

7.3.7

7.4.0

7.4.1

7.4.1-1

7.4.2

7.4.2-1

7.4.3.4