CVE-2023-33950
Liferay Portal has Inefficient Regular Expression
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.67%
Description
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
How to fix CVE-2023-33950
To remediate CVE-2023-33950, upgrade the affected package to a fixed version below.
- no fix listed
- upgrade to 7.4.3.77 or later
Is CVE-2023-33950 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update76.0, <= 7.4-update76.0
- >= 7.4.3.48, < 7.4.3.77
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |