CVE-2023-33950 – com.liferay.portal:release.portal.bom

Package

Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=7.4.3.48 <7.4.3.77

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00448 pctl0.62663

Details

Liferay Portal has Inefficient Regular Expression Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Metadata

Created: 2023-05-24T18:30:26Z
Modified: 2023-05-24T21:56:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-chrc-q6v3-jfv8/GHSA-chrc-q6v3-jfv8.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-chrc-q6v3-jfv8
Finding: F211
Auto approve: 1