Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9053

Upgrade fileupload-commons to 1.3.1

    XMLWordPrintableJSON

Details

    Description

      The project appears to pull in FileUpload 1.2.1. According to CVE-2014-0050:

      "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions."

      Source

      Attachments

        1. SOLR-9053.patch
          3 kB
          Mike Drob

        Issue Links

          Activity

            People

              janhoy Jan H√łydahl
              tfield Terra Field
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: