Description

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

Remediation

References

CVE-2023-33950

Related Vulnerabilities

MySQL CVE-2020-14837 Vulnerability (CVE-2020-14837)

WordPress Plugin WordPress Poll Cross-Site Request Forgery (34.05)

WordPress Plugin Tune Library SQL Injection (1.5.4)

WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Security Bypass (0.10.1)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)

Severity

High

Classification

CVE-2023-33950 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities