Description
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.
Severity
null (null)
Notes
There is no patch available for Liferay Portal 7.3 and 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA5 (7.4.3.5) or later.
Publication date: Wed, 19 Oct 2022 04:03:00 +0000