CVE-2023-33950: Inefficient Regular Expression Complexity

May 24, 2023 (updated June 2, 2023)

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that is vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.

References

github.com/advisories/GHSA-chrc-q6v3-jfv8
liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950
nvd.nist.gov/vuln/detail/CVE-2023-33950

Detect and mitigate CVE-2023-33950 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →