CVE-2023-33950

Summary

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Affected Software

VendorProductVersion RangeStatus
LiferayPortal7.4.3.48 <= 7.4.3.76affected
LiferayDXP7.4.13.u48 <= 7.4.13.u76affected

Weaknesses

  • CWE-1333: CWE-1333 Inefficient Regular Expression Complexity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References