Skip to main content

Inefficient Regular Expression Complexity


Severity High
Score 7.5/10


ReDoS vulnerability in 'LayoutPageTemplateEntryUpgradeProcess' in Liferay Portal 7.3.2 through and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published