CVE-2023-33950 MEDIUM

CVE-2023-33950

Vendor Liferay
Product Portal
Weakness CWE-1333
Published May 24, 2023
Last update October 22, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Key dates

02Disclosure timeline

May 24, 2023 CVE published
October 22, 2024 Record updated