Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jaHJjLXE2djMtamZ2OM4AAzdZ
Liferay Portal has Inefficient Regular Expression
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
Permalink: https://github.com/advisories/GHSA-chrc-q6v3-jfv8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jaHJjLXE2djMtamZ2OM4AAzdZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 6 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-chrc-q6v3-jfv8, CVE-2023-33950
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-33950
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950
- https://github.com/advisories/GHSA-chrc-q6v3-jfv8
Affected Packages
maven:com.liferay.portal:release.portal.bom
Dependent packages: 5Dependent repositories: 33
Downloads:
Affected Version Ranges: >= 7.4.3.48, < 7.4.3.77
Fixed in: 7.4.3.77
All affected versions:
All unaffected versions: 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2