Solr / SOLR-9053

Upgrade fileupload-commons to 1.3.1


      Description

      The project appears to pull in FileUpload 1.2.1. According to CVE-2014-0050:

      "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions."

      Source
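A check for the condition this issue reports, added here as an example and not taken from the Solr project: it walks a deployment directory and flags any Commons FileUpload jar older than 1.3.1, whether loose or bundled inside a WAR/EAR/ZIP. It assumes jars keep their standard `commons-fileupload-<version>.jar` file name, so renamed or shaded copies are not detected; the sample tree and function names are constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 3, 1)  # per the CVE text above: releases before 1.3.1 are affected
JAR_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)[^/]*\.jar$")

def is_vulnerable(version_text):
    """True when a dotted version such as '1.2.1' sorts before 1.3.1."""
    parts = tuple(int(p) for p in version_text.split("."))
    parts += (0,) * (len(FIXED) - len(parts))  # treat 1.3 as 1.3.0
    return parts < FIXED

def match_vulnerable(name):
    """Return the version string if name is an affected FileUpload jar, else None."""
    m = JAR_RE.search(name)
    return m.group(1) if m and is_vulnerable(m.group(1)) else None

def scan(root):
    """Sorted (location, version) pairs for affected jars, loose or inside archives."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if match_vulnerable(path.name):
            hits.append((rel, match_vulnerable(path.name)))
        elif path.suffix in (".war", ".ear", ".zip") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for entry in archive.namelist():
                    if match_vulnerable(entry):
                        hits.append((f"{rel}!/{entry}", match_vulnerable(entry)))
    return sorted(hits)

def build_sample(root):
    """Constructed demo tree; these paths are made up, not Solr's real layout."""
    lib = Path(root, "lib")
    lib.mkdir(parents=True)
    (lib / "commons-fileupload-1.3.1.jar").write_bytes(b"")  # fixed release
    (lib / "commons-fileupload-1.3.jar").write_bytes(b"")    # still affected
    with zipfile.ZipFile(Path(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/commons-fileupload-1.2.1.jar", b"")
        war.writestr("WEB-INF/lib/commons-io-2.4.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for location, version in scan(tmp):
            print(f"AFFECTED {location} (FileUpload {version}, CVE-2014-0050)")
```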


            People

            • Assignee: janhoy Jan Høydahl
            • Reporter: tfield Terra Field
