CVE-2023-33950

MEDIUM6.5EPSS 0.67%

Liferay Portal has Inefficient Regular Expression

發布日:2023/5/24修改日:2024/2/19

描述

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

受影響套件(2)

Bitnami/liferay>= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update76.0, <= 7.4-update76.0
Maven/com.liferay.portal:release.portal.bom>= 7.4.3.48, < 7.4.3.77

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-33950
PATCHhttps://github.com/liferay/liferay-portal
WEBhttps://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950