Vulnerabilities > CVE-2023-33950 - Unspecified vulnerability in Liferay Digital Experience Platform and Liferay Portal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

liferay

NVD

Published: 2023-05-24

Updated: 2023-05-31

Summary

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay Digital Experience Platform 7.4 Liferay Liferay Portal 7.4.3.48 Liferay Liferay Portal 7.4.3.49 Liferay Liferay Portal 7.4.3.50 Liferay Liferay Portal 7.4.3.51 Liferay Liferay Portal 7.4.3.52 Liferay Liferay Portal 7.4.3.53 Liferay Liferay Portal 7.4.3.54 Liferay Liferay Portal 7.4.3.55 Liferay Liferay Portal 7.4.3.56 Liferay Liferay Portal 7.4.3.57 Liferay Liferay Portal 7.4.3.58 Liferay Liferay Portal 7.4.3.59 Liferay Liferay Portal 7.4.3.60 Liferay Liferay Portal 7.4.3.61 Liferay Liferay Portal 7.4.3.62 Liferay Liferay Portal 7.4.3.63 Liferay Liferay Portal 7.4.3.64 Liferay Liferay Portal 7.4.3.65 Liferay Liferay Portal 7.4.3.66 Liferay Liferay Portal 7.4.3.67 Liferay Liferay Portal 7.4.3.68 Liferay Liferay Portal 7.4.3.69 Liferay Liferay Portal 7.4.3.70 Liferay Liferay Portal 7.4.3.71 Liferay Liferay Portal 7.4.3.72 Liferay Liferay Portal 7.4.3.73 Liferay Liferay Portal 7.4.3.74 Liferay Liferay Portal 7.4.3.75 Liferay Liferay Portal 7.4.3.76	31

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950