CVE-2023-33950

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.48 through 7.4.3.76 Liferay DXP 7.4 update 48 through 76

Description The issue allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns in Pattern Redirects. This enables remote attackers to consume an excessive amount of server resources via crafted request URLs.

Recommendations For Liferay Portal versions 7.4.3.48 through 7.4.3.76, consider restricting the use of regular expressions in Pattern Redirects until a patch is available. For Liferay DXP 7.4 update 48 through 76, consider restricting the use of regular expressions in Pattern Redirects until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.